Rigorous Security Infrastructure to Protect Your Information
Give your employees, and key stakeholders peace of mind that their personal information is safe and secure. We invest time and resources to ensure platform security, and so that you don't need to worry about privacy laws and regulations
How Our Security Infrastructure Works
Why We Invest in Security
A deeper dive into how IncentFit's
Security Infrastructure gives administrators peace of mind...
Robust Information Security
Our team has set up a robust information security infrastructure, and we enhance our platforms security by implementing regular security processes, and complying with top-tier security and privacy standards.
- SOC 2 Compliant: We comply with SOC 2 security standards in order to set up the right safeguards to protect the security, confidentiality, and integrity of your information.
- Annual Penetration Testing: We get independently audited on an annual basis in order to maintain the security and integrity of our system.
- In-House US-based Software Development Team: We don’t employ external software developers and all of our developers are based in our office in Philadelphia. We are architected for security and we conduct security reviews before each update.
We Process our Own Data
Some wellness platforms may use third parties, or subcontractors to process data or provide services. We don’t do that. All of your wellness program data is processed by our US-based Amazon Web Services servers.
Learn more about how IncentFit processes data
Security and Privacy Standards Compliance
We ensure that your employees personal data is protected, and handled responsibly according to HIPAA, GDPR, and CCPA regulations. In order to ensure compliance with privacy regulations, we implement these safeguards:
- Encrypting data in transit and in storage in a secure cloud hosted environment
- Implementing secure authentication and access controls
- Regularly backing up data in multiple locations
- Regularly training our employees on data privacy and security
- Notify any users affected by a data breach within 2 business days
- Give users the ability to delete their data from our systems