Intento's Data Protection Measures and Storage Practices

As a proxy solution between clients' tools and providers processing clients' data, we process large amounts of client data on a regular basis. The protection of this data is of utmost importance to Intento, and the company takes multiple measures to safeguard it.

One of the primary ways Intento protects client data is by signing a non-disclosure agreement (NDA) with each client. This agreement ensures that Intento does not disclose any of the client's confidential information to third parties.

Intento is also compliant with ISO 27001, which is a widely recognized standard for information security management systems. This certification verifies that we have implemented a comprehensive and systematic approach to managing sensitive information.

Furthermore, Intento is included in GDPR EN-US Privacy Shield, which ensures that the company complies with the General Data Protection Regulation (GDPR) and provides adequate protection for personal data transferred from the European Union to the United States.

In addition to these measures, Intento uses industry-standard encryption for all types of data crossing the platform. This ensures that any data that is intercepted by third parties cannot be read or understood.

We identify five types of customer data that may be processed on its platform. These include the customer contact information associated with the Intento account, customer request payload and response, customer credentials to third-party services, customer request metadata, and Intento API keys provided to the customer.

All customer data that is stored persistently is encrypted and can only be accessed by the user account that owns the data and Intento employees. This access is covered by proper NDAs, ensuring that the data is kept confidential and secure.

There are several types of storage where Intento may store user data. These include short-term in-memory storage, customer-Intento request logs (which contain request metadata and are used for billing purposes and calculating user statistics), Intento-Provider request logs (which contain detailed request data for debugging purposes and can be deleted by the user), async job storage (temporary storage of the request payload and response), and the credentials manager (persistent storage of customer credentials to third-party services).

Overall, Intento takes multiple measures to protect client data and ensure it is stored securely. By signing NDAs, complying with ISO 27001, and using industry-standard encryption, Intento is able to provide a safe and secure platform for processing large amounts of sensitive data.