Security Practices

Last Updated: March 17, 2025

Our Commitment to Security

At DataBlueprint, we understand that the security and privacy of your data are paramount. Our platform is designed to help you transform your data into intelligent data models, and we take the responsibility of protecting that data seriously. This document outlines our security practices and the measures we take to ensure the confidentiality, integrity, and availability of your information.

Data Security

Data Storage and Encryption

We implement industry-standard encryption methods to protect your data:

  • All data in transit is encrypted using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256 encryption
  • Database backups are encrypted before being stored
  • Encryption keys are managed securely and rotated regularly

Data Isolation

We maintain strict data isolation between customers:

  • Each workspace's data is logically separated from other customers' data
  • Access controls prevent unauthorized cross-workspace data access
  • Our architecture is designed to prevent data leakage between workspaces

Data Retention and Deletion

We have clear policies regarding how long we keep your data:

  • Your data is retained for the duration of your subscription plus 30 days
  • You can request deletion of your data at any time through your account settings
  • When data is deleted, it is securely wiped using industry-standard methods
  • Backups containing deleted data are automatically purged after 90 days

AI Model Security

As an AI-powered data modeling platform, we take additional measures to secure our AI processing:

  • AI models are trained on anonymized, aggregated data and never on your specific data without explicit consent
  • Model inference is performed in isolated environments
  • We regularly audit AI outputs to ensure they don't contain sensitive information
  • AI-generated data models and transformations are subject to the same security controls as user-provided data

Infrastructure Security

Network Security

Our network is protected by multiple layers of security:

  • Firewalls and intrusion detection systems monitor and block suspicious activities
  • Regular vulnerability scanning and penetration testing
  • DDoS protection to ensure service availability
  • Network segmentation to limit the impact of potential breaches

Server Security

Our servers are hardened against attacks:

  • Regular security patches and updates
  • Minimal installed packages to reduce attack surface
  • Strict access controls and privilege management
  • Comprehensive logging and monitoring

Physical Security

Our infrastructure is hosted in secure data centers that provide:

  • 24/7 physical security with guards and surveillance
  • Biometric access controls
  • Environmental controls for temperature, humidity, and fire suppression
  • Redundant power and networking

Application Security

Secure Development Practices

We follow secure coding practices throughout our development lifecycle:

  • Regular security training for all developers
  • Static and dynamic code analysis to identify vulnerabilities
  • Peer code reviews with security focus
  • Regular dependency scanning for known vulnerabilities
  • Secure API design with proper authentication and authorization

Authentication and Access Control

We implement robust authentication and authorization mechanisms:

  • Strong password requirements and secure password storage using bcrypt
  • Multi-factor authentication support
  • Role-based access control within workspaces
  • Session management with secure cookies and automatic timeouts
  • Failed login attempt monitoring and lockout policies

API Security

Our APIs are designed with security in mind:

  • All API endpoints require authentication
  • Rate limiting to prevent abuse
  • Input validation to prevent injection attacks
  • CORS policies to prevent unauthorized cross-origin requests
  • API keys are securely stored and can be rotated by users

Operational Security

Security Monitoring and Incident Response

We continuously monitor our systems and have procedures in place to respond to security incidents:

  • 24/7 monitoring of systems and networks
  • Automated alerts for suspicious activities
  • Documented incident response procedures
  • Regular security incident drills
  • Post-incident analysis and improvement

Employee Access and Training

We ensure our team follows security best practices:

  • Background checks for all employees
  • Least privilege access model
  • Regular security awareness training
  • Secure access methods including VPN and multi-factor authentication
  • Clear procedures for employee offboarding

Vendor Management

We carefully select and monitor our vendors:

  • Security assessment of all third-party vendors
  • Contractual security requirements
  • Regular review of vendor security practices
  • Limited access to only what vendors need

Compliance

We align our security practices with industry standards and regulations:

  • Regular security assessments and audits
  • Alignment with SOC 2 principles
  • GDPR compliance for handling personal data
  • CCPA compliance for California residents
  • Industry-specific compliance as required by our customers

Security Reporting

We encourage responsible disclosure of security vulnerabilities:

  • If you discover a security vulnerability, please report it to security@inzata.com
  • We commit to investigating all legitimate reports and responding within 48 hours
  • We do not engage in legal action against security researchers who follow responsible disclosure practices

Updates to Security Practices

We regularly review and update our security practices:

  • Security policies are reviewed at least annually
  • Updates are made in response to emerging threats and technologies
  • Major changes to our security practices will be communicated to customers

Return to Home | Privacy Policy | Terms of Service