Indio customers and their clients trust us with millions of pieces of sensitive and important data. That trust is based on us keeping that data both private and secure. Here are some of the ways we accomplish that.

When an agent or client uploads a file to Indio, it is sent over a secure connection, run through a full antivirus scan, and then encrypted before being stored securely on our servers. Access to uploaded files is protected through role-based permissions.

Indio never stores your password in plain text. All user passwords are stored using BCrypt2 with multiple rounds of hashing and a unique salt for each credential. All internal account access is protected by two-factor authentication and Indio employees are required to change passwords every 90 days.

We partner with Amazon Web Services to provide a secure and reliable cloud environment for our software. We use a combination of load balancers, firewalls, and VPNs to ensure that network access is restricted on an as-needed basis. We limit access to our production infrastructure and strongly authenticate that access.

All network communication in the Indio platform occurs over secure SSL/TLS. Our internal infrastructure rejects all packets sent on ports other than port 443 and redirects all unsecured port 80 requests over to port 443. We regularly audit the details of our implementation and the certificates that we serve.

In addition to SSL connections, automated data communication goes through additional encryption layers for enhanced security during transit and at rest for sensitive data.

All data at rest is encrypted using industry best practices with AES-256. Media disposal is handled in accordance with NIST guidelines in special publication 800-88. We take advantage of Amazon Web Services' cryptographic erasure processes in order to ensure that repurposing storage does not result in exposing private customer data.