Trust

Our commitment to protect your privacy

Security by default

Instinct has focused on implementing key data security protections from its inception. We implement technical and organizational measures aimed at assuring the security, integrity, and confidentiality of our customers’ data.


Our policies and procedures are continuously derived from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (a collection of security standards, guidelines, and practices designed to protect critical infrastructure) to provide an industry-leading approach to keeping the data of Instinct customers secure.


For more information on specific cybersecurity protections in place, click here.

Infrastructure security
  • Data Encryption

    All customer data is encrypted with TLS 1.2+ in transit and AES-256 at rest. Your passwords are salted and hashed using bcrypt.

  • Data Segregation

    Strict controls are put in place to prevent data leakage. Development, QA, and production environments are all isolated to keep data where it belongs.

  • Firewalls

    AWS VPC, subnet, and security group rules are leveraged to control network traffic. Application-level ingress and egress filtering are implemented to control inbound and outgoing traffic.

Application security
  • Penetration testing

    Application-level security testing is performed by an outside firm using relevant methodologies such as the OWASP Top 10.

  • Data Hosting Security

    Secure SDLC processes, including threat modeling, design reviews, code reviews, SCA, and manual QA, are implemented to keep the product free of bugs.

  • Cybersecurity Awareness Training

    We conduct annual cybersecurity awareness training as part of cultivating our cyber-aware culture. Training targets phishing, escalating issues, insider threats, and malware.

Product security features
  • Enterprise access to your account

    We offer SSO integration with any SAML-based IdP and support SCIM for customers to automatically provision and deprovision user accounts.

  • Role-based access permissions

    Customers can granularly configure users and permissions and assign privileges by role, department, and group to allow least privilege access.

  • Customer audit logs

    Audit logs are maintained in the Instinct dashboard for customer actions and include the date, user, action, and target of the action.

Operational security
  • Secure Access to Production

    Employee access is role-based, least privileged, and fully logged. Access adheres to the Zero Trust Model and requires multi-factor authentication.

  • Background Checks

    Background checks are completed for all full-time employees in accordance with applicable legal requirements. We perform checks on criminal records, sex offender watchlists, and global watchlists.

  • Endpoint Security

    Mobile Device Management (MDM) is configured to enforce security profiles for all employee devices. Enterprise anti-malware is installed to quarantine and alert on potential viruses.

Vulnerability disclosure

Vulnerability Disclosure Program

  • Security is a top priority for Instinct, and we believe that working with skilled security researchers can identify weaknesses in any technology.

  • If you believe you have found a security vulnerability on Instinct, please let us know right away by emailing us at security@useinstinct.com. We will investigate all reports and do our best to quickly fix valid issues. While we cannot guarantee a bounty, we may issue a reward depending on your findings.