Security & compliance
Insightly builds customer trust in the reliability of our platform by publishing availability information for all the services Insightly operates at status.insightly.com. Real-time availability information includes every planned and unplanned downtime incident our platform has experienced, as well as upcoming planned downtime. Each incident report includes an explanation of what services were affected, accurate timestamps for when the incident first started and when it was mitigated and resolved, and a brief explanation of the details of the incident.
Compliance security
audits to test for data safety, privacy, and security.

SOC 2
A SOC 2, Type II attestation reports on controls relevant to security, availability, processing integrity, confidentiality or privacy. SOC 2, Type II is intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service.
Please reach out to your Customer Success Manager or Account Executive to receive a copy of Insightly’s SOC 2 report.

GDPR
The Insightly Main Subscription Agreement (MSA) and Data Processing Addendum (DPA), as updated from time to time, address the obligations and requirements of the European Union General Data Protection Regulation (GDPR); the UK Data Protection Act 2018 (collectively, “UK Privacy Law”), or any successor laws of the above. These documents make it easy for customers to share information with their stakeholders, including compliance and privacy managers, customers and potential auditors.

CCPA
The Insightly Main Subscription Agreement (MSA) and Data Processing Addendum (DPA) address the obligations and requirements of the California Consumer Privacy Act (CCPA).

HIPAA
Insightly is fully compliant with all obligations required for the privacy and security of Protected Health Information including those defined by the HIPAA Security Rule as a Business Associate under the United States Health Insurance Portability and Accountability Act of 1996.
People
- Provided training to customer-facing staff on their roles and responsibilities for compliance
- Updated company-wide security awareness materials to include new customer personal data protection and privacy practices
- Established and assigned data protection roles and responsibilities
- Established privacy@insightly.com for data subjects to submit requests
- California consumers (as defined by the CCPA) may exercise their rights by sending an email to privacy@insightly.com
- Retained outside counsel with extensive expertise in privacy and security matters to provide ongoing advisory services for privacy compliance
Process
- Completed and revises privacy risk assessment to support customer data protection impact assessments
- Maintains SOC 2 security and confidentiality controls to support processing activities for protection of customer personal data
- Established and reviews DPAs and CCPA addenda with sub-processors of customer personal data
- Updated and reviews the Insightly Privacy Policy and procedures for compliance with privacy laws, regulations and principles
- Provides MSA, CCPA addendum and DPA upon request from privacy@insightly.com to support customer compliance
Technology
- Established a privacy-by-design checklist
- Implemented features to support data subject requests from customers exercising their rights to erasure and data portability