Security & Compliance

Enterprise-grade security, by default

Security is not a feature at INFYNAX — it's the foundation. From the way we store your data to how we handle access control, every layer is hardened to protect your business and your customers.

Industry certifications

SOC 2 Type II

Independently audited annual report covering Security, Availability, and Confidentiality trust service criteria.

GDPR Compliant

Full compliance with the EU General Data Protection Regulation. DPA available on request.

ISO 27001

Information Security Management System (ISMS) certified to the international ISO/IEC 27001:2022 standard.

Infrastructure

INFYNAX runs on AWS infrastructure across multiple availability zones for maximum redundancy and low-latency delivery worldwide.

  • Multi-region AWS deployment (US, EU, APAC)
  • 99.9% uptime SLA with financial credits
  • Automated daily backups with 30-day retention
  • Point-in-time recovery for databases
  • DDoS mitigation via AWS Shield Advanced
  • CDN-accelerated API endpoints globally

Data Security

Your data is encrypted in transit and at rest. We use industry-standard algorithms and rotate keys regularly.

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted database backups
  • No plaintext credential storage — bcrypt hashing
  • Role-based access control with least privilege
  • API keys scoped by workspace and permission level

Compliance & privacy

GDPR

  • Data Processing Agreements (DPA) available
  • Right to erasure ("forget me") API
  • Data portability export
  • EU data residency option

CCPA

  • California Consumer Privacy Act compliant
  • Opt-out of data sale (we never sell data)
  • Consumer rights request portal
  • Annual privacy disclosure

WhatsApp Business Policy

  • Opt-in only messaging — no cold outreach
  • Meta-approved templates only
  • Opt-out management built in
  • Policy violation detection and alerts

Access Control

  • MFA enforcement (TOTP + WebAuthn)
  • SSO via Google OAuth and SAML 2.0
  • Session management with idle timeout
  • IP allowlisting (Enterprise)

Penetration Testing

  • Annual third-party pen test by a certified firm
  • Continuous automated vulnerability scanning
  • Bug bounty programme via HackerOne
  • Responsible disclosure policy

Incident Response

  • 24-hour breach notification SLA
  • Dedicated security incident response team
  • Post-incident reports published
  • 72-hour regulatory notification where required

Have security questions?

Our security team is happy to answer questions, complete vendor security questionnaires, or provide our latest pen-test report under NDA.