Trust
Our commitment to protect your privacy
Instinct has focused on implementing key data security protections from its inception. We implement technical and organizational measures aimed at assuring the security, integrity, and confidentiality of our customers’ data.
Our policies and procedures are continuously derived from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (a collection of security standards, guidelines, and practices designed to protect critical infrastructure) to provide an industry-leading approach to keeping the data of Instinct customers secure.
Data Encryption
All customer data is encrypted with TLS 1.2+ in transit and AES-256 at rest. Your passwords are salted and hashed using bcrypt.
Data Segregation
Strict controls are put in place to prevent data leakage. Development, QA, and production environments are all isolated to keep data where it belongs.
Firewalls
AWS VPC, subnet, and security group rules are leveraged to control network traffic. Application-level ingress and egress filtering are implemented to control inbound and outgoing traffic.
Penetration testing
Application-level security testing is performed by an outside firm using relevant methodologies such as the OWASP Top 10.
Data Hosting Security
Secure SDLC processes, including threat modeling, design reviews, code reviews, SCA, and manual QA are implemented to keep the product free of bugs.
Cybersecurity Awareness Training
We conduct annual cybersecurity awareness training as part of cultivating our cyber-aware culture. Training targets phishing, escalating issues, insider threats, and malware.
Enterprise access to your account
We offer SSO integration with any SAML-based IdP and support SCIM for customers to automatically provision and deprovision user accounts.
Role-based access permissions
Customers can granularly configure users and permissions and assign privileges by role, department, and group to allow least privilege access.
Customer audit logs
Audit logs are maintained in the Instinct dashboard for customer actions and include the date, user, action, and target of the action.
Secure Access to Production
Employee access is role-based, least privileged, and fully logged. Access adheres to the Zero Trust Model and requires multi-factor authentication.
Background Checks
Background checks are completed for all full-time employees in accordance with applicable legal requirements. We perform checks on criminal records, sex offender watchlists, and global watchlists.
Endpoint Security
Mobile Device Management (MDM) is configured to enforce security profiles for all employee devices. Enterprise anti-malware is installed to quarantine and alert on potential viruses.
Vulnerability Disclosure Program
Security is a top priority for Instinct, and we believe that working with skilled security researchers can identify weaknesses in any technology.
If you believe you have found a security vulnerability on Instinct, please let us know right away by emailing us at security@useinstinct.com. We will investigate all reports and do our best to quickly fix valid issues. While we cannot guarantee a bounty, we may issue a reward depending on your findings.