We're committed to data security and privacy.
Iteratively recognizes the importance of security and has prioritized a sound security and privacy posture since its founding. The Iteratively service runs on world-class, modern cloud infrastructure operated by 3rd party providers with consistently excellent security track records like Heroku and AWS. It is operated by a small team of engineers that have managed enterprise-grade SaaS services at scale at startups and Fortune 100 companies alike and who understand ensuring the safety and privacy of customer data must underpin every step in our process.
Network and application security
- Data is always transmitted over encrypted connections (TLS 1.0-1.2) and stored encrypted at rest (AES-256).
- Full logical separation of development and production environments, with named, dedicated accounts for each.
- Infrastructure is automatically monitored to verify it’s configured securely, has the latest security patches, and all activity by employees is logged.
- Development is done using industry-wide best practices including automated and manual testing, code reviews, continuous deployments, production logging and alerts, and regular performance benchmarking.
- All projects go through a security-design review prior to kickoff and an audit prior to being released.
- Admins can enable SSO via Google. Users will never need to set up a password to log in to their account.
- All employees complete annual security and awareness training.
- Your data is yours to own and we will never share or sell your data.
- Internal policies and rules restrict access to customer data to authorized ops team members for customer support and debugging reasons only.
- Iteratively has appointed a Data Protection Officer to oversee our ongoing compliance efforts.