Security Policy
InspectU | InspectUpro.com
Effective Date: March 2026
1. Our Commitment to Security
At InspectU, protecting your data is fundamental to everything we do. We understand that you trust us with critical operational information — from workplace audits and inspections to training records and compliance documentation. We take that responsibility seriously. Our security program is designed to safeguard your data at every level, from infrastructure and encryption to access controls and employee training. This page provides an overview of the security measures we have in place.
2. Infrastructure Security
InspectU is hosted on Amazon Web Services (AWS), a world-class cloud infrastructure provider. Our infrastructure security measures include:
- All customer data is hosted in AWS data centers located in the United States.
- AWS data centers maintain SOC 1, SOC 2, and ISO 27001 certifications, ensuring rigorous physical and environmental security controls.
- Redundant infrastructure with automatic failover to minimize downtime and ensure high availability.
- DDoS (Distributed Denial of Service) protection to defend against volumetric and application-layer attacks.
- Network-level firewalls and security groups to restrict unauthorized access to internal systems.
3. Data Encryption
We encrypt your data both in transit and at rest:
- Data in Transit: All connections to InspectU are secured using TLS 1.2 or higher. This ensures that data transmitted between your browser or device and our servers cannot be intercepted or tampered with.
- Data at Rest: All customer data stored in our databases and file systems is encrypted using AES-256 encryption, the industry standard for data protection.
- Database Encryption: Encryption is enabled at the database level, ensuring all stored records are protected.
- Encrypted Backups: All backups are encrypted using the same standards as production data.
4. Access Controls
We enforce strict access controls to ensure that only authorized individuals can access your data:
- Role-Based Access Control (RBAC): The InspectU platform supports granular role-based permissions, allowing organizations to control who can view, edit, and manage data within their account.
- Multi-Factor Authentication (MFA): MFA is available for all customer accounts and can be enabled by account administrators for added security.
- Internal MFA Requirement: All InspectU employees with access to production systems and customer data are required to use multi-factor authentication.
- Principle of Least Privilege: Internal access to systems and data is granted on a need-to-know basis. Employees only receive the minimum permissions necessary to perform their job functions.
- Regular Access Reviews: We conduct periodic reviews of access permissions to ensure they remain appropriate and revoke access promptly when it is no longer needed.
5. Application Security
We follow secure development practices throughout the software development lifecycle:
- Secure Software Development Lifecycle (SDLC): Security is integrated into every phase of our development process, from design through deployment.
- Code Reviews: All code changes undergo peer review before being merged into production, including review for security vulnerabilities.
- Dependency Scanning: We use automated tools to scan third-party libraries and dependencies for known vulnerabilities and apply patches promptly.
- Penetration Testing: [Annual/Quarterly] penetration tests are conducted by qualified third-party security firms to identify and remediate vulnerabilities.
- Web Application Firewall (WAF): A WAF provides an additional layer of protection against common web application attacks, including SQL injection and cross-site scripting (XSS).
6. Data Protection
We implement multiple layers of data protection to ensure the availability and integrity of your data:
- Automated Daily Backups: Customer data is backed up automatically every day to protect against data loss.
- Backup Retention: Backups are retained for [30 days], providing a recovery window for accidental deletion or data corruption.
- Point-in-Time Recovery: Our database infrastructure supports point-in-time recovery, allowing us to restore data to any specific moment within the backup retention window.
- Data Isolation: InspectU operates a multi-tenant architecture with strict logical separation between customer accounts. Each customer's data is isolated and inaccessible to other customers.
- Data Retention and Deletion: Customer data is retained and deleted in accordance with our Privacy Policy. Upon account termination, customer data is deleted within the timeframes specified in our Terms of Service.
7. Monitoring and Incident Response
We maintain continuous monitoring and a structured incident response process:
- 24/7 Infrastructure Monitoring: Our systems are monitored around the clock for performance, availability, and security anomalies.
- Automated Alerting: Automated alerting systems notify our engineering and security teams immediately when anomalies or potential security events are detected.
- Incident Response Procedures: We maintain documented incident response procedures that define roles, responsibilities, escalation paths, and communication protocols for security incidents.
- Breach Notification: In the event of a confirmed data breach, InspectU will notify affected customers in accordance with our Data Breach Notification Policy and applicable legal requirements.
8. Employee Security
Our people are an essential part of our security posture:
- Background Checks: All employees and contractors who have access to customer data undergo background checks prior to being granted access.
- Security Awareness Training: All employees receive security awareness training upon hire and at least annually thereafter. Training covers topics including phishing, social engineering, secure coding practices, and data handling.
- Confidentiality Agreements: All employees and contractors are required to sign confidentiality and non-disclosure agreements as a condition of engagement.
- Onboarding and Offboarding: We maintain documented procedures for granting access during onboarding and promptly revoking all access upon offboarding or role changes.
9. Compliance
InspectU is committed to meeting the highest standards of data protection and regulatory compliance:
- GDPR Compliant: We comply with the European Union General Data Protection Regulation, including providing Data Processing Agreements, maintaining a sub-processor list, and supporting data subject rights.
- CCPA/CPRA Compliant: We comply with the California Consumer Privacy Act and California Privacy Rights Act, including honoring opt-out requests and providing required disclosures.
- UK GDPR Compliant: We comply with the United Kingdom General Data Protection Regulation and support the UK International Data Transfer Addendum for international data transfers.
- SOC 2 Type II: [In Progress / Certified] — InspectU is [pursuing / has achieved] SOC 2 Type II certification, which provides independent assurance of our security, availability, and confidentiality controls.
- Third-Party Assessments: We engage qualified third-party firms to conduct regular security assessments and audits of our systems and processes.
10. Responsible Disclosure / Vulnerability Reporting
We value the work of independent security researchers and welcome reports of potential vulnerabilities. If you believe you have discovered a security vulnerability in InspectU, please report it responsibly:
- Contact: security@inspectupro.com
- Acknowledgment: InspectU will acknowledge receipt of your report within 3 business days.
- Good Faith: We will not pursue legal action against security researchers who report vulnerabilities in good faith and in compliance with this policy.
- Coordinated Disclosure: We request that you do not publicly disclose any vulnerability until we have had a reasonable opportunity to investigate and deploy a fix.
11. Contact
For security-related questions, concerns, or to report a vulnerability, please contact us:
Email: security@inspectupro.com
General Support: support@inspectupro.com
InspectU
2931 Ridge Rd, Suite 101 #537
Rockwall, Texas 75032
Phone: (945) 366-1511
Website: InspectUpro.com