Security at Inkit

Data Security is Inkit’s top priority.

From our origins in the Financial space, to our work in Healthcare and the Federal Government, data security isn’t just a box we tick, it’s our core principle.

Put simply, this means that data security is built-in to both our operations and our products from the ground-up, via:

Internal Threat Models

Routine Internal & External Security Assessments

Security-Driven Software Development

SOC2 Certified

Sign up
Sign up with Google
Sign up with Microsoft
Sign up with Github
By signing up, you agree to Inkit's Terms of Service and Privacy Policy
Trusted by the world’s top enterprises

Inkit's Built-In Security

AES 256 End-to-End Encryption

All the PII you hold will be automatically encrypted by Inkit

Role Based Access Controls

Set custom access controls so only authorized roles can access specific folders and documents

Expiry & Self-Deletion

Documents can be set to “self-destruct” automatically after a number of views, days, or on a fixed date

2FA Support

Secure your organization’s access by introducing 2FA to Inkit logins

Full Audit Log

Track every event and action made by your users and systems in Inkit (like who viewed a certain document and when)

Webhook Notifications

Secure your workflow outside of Inkit by configuring triggers and events between your systems and Inkit’s API

Live Document Alerts

Staff responsible for your data security can be notified immediately when your most important documents are rendered and viewed

SSO Support

Link Inkit to your existing login security with SSO support

Direct & Automatic Storage

Eliminate the need for manual exports of sensitive documents and reduce the risk of “floating documents”

One-Time-Viewing

Some information should only be viewed once and then automatically restricted – Inkit’s one-time-viewing provides the solution

Secure API Integration

Inkit’s API safely and seamlessly integrates with your existing systems and processes

Secure Personnel

Insider Threat Prevention

All Inkit Inc contractors and employees undergo background checks prior to being engaged or employed by us in accordance with local laws and industry best practices.

Confidentiality or other types of Non-Disclosure Agreements (NDAs) are signed by all employees, contractors, and others who have a need to access sensitive or internal information.

We embed the culture of security into our business by conducting employee security training & testing using current and emerging techniques and attack vectors.

Inkit’s Security Team

Organization-wide protection isn’t just limited to the initial build of operations and products. Inkit’s security professionals are the manual backbone that ensures the continuous maintenance and improvement of our digital security systems. Their preventative measures revolve around the three security pillars of Monitoring, Risk Analysis, and Mitigation – each of which are achieved through:

Detection & Response
Governance, Risk and Compliance (GRC)
Cloud Security Hardening
Product Security Hardening

Compliance Program & SOC2 Certification

As with Inkit’s overarching security commitments, we also have a team dedicated to maintaining Inkit’s binding Data Processing Addendum. This means our customers can feel 100% confident that their data protection needs are being addressed in-line with a full security documentation pack. To further this assurance, Inkit is fully SOC2 Compliant.

Secure Personnel

Individual Product Security

As well as Inkit’s own operational security, our products are also built with Data Security as their guiding principle. As referenced in the Penetration Testing section of this page, each of Inkit’s products are tested for security vulnerabilities regularly. Outside of their own security, Inkit’s products were developed to help our customers take control of their own Data Security. In particular, Inkit’s customizability allows organizations to adapt its capabilities so their paperless operations comply with virtually any security standard (through features such as: AES 256 Encryption, Document Self-Deletion, 2FA Support, and more). You can discover more about Inkit’s primary security product on:

Inkit.com

Secure Development

Insider Threat Prevention

Penetration testing is performed regularly by reputable third parties to ensure a complete, fair, and realistic assessment of our products’ security.

To support our clear & practical security policies, these reports are available on request. Please email security@inkit.com if you’d like to access them.

Security Updates & Vulnerability Alerts

Our customers are updated on all relevant security vulnerabilities and enhancements via our changelog at: https://docs.inkit.com/changelog

Vulnerability Reporting

As part of our clear and practical security policies, Inkit welcomes the discovery of any potential security vulnerabilities made by individuals or companies.

Although our continuous monitoring, regular testing, and routine mitigation procedures provide a comprehensive security infrastructure, we still understand the importance of encouraging any external discoveries.

If you would like to report a vulnerability in one of our products or services, or have security concerns regarding Inkit systems, please email security@inkit.com

To support a timely and effective response to your report, please include any of the following:

Inkit takes all vulnerability reports seriously and aims to rapidly respond and verify the vulnerability before taking the necessary steps to address it.

After an initial reply to your disclosure, which should be directly after receiving it, we will update you periodically with our response and remediation status.

Security issues that we have already assessed for risk and will address include:

  • Steps to reproduce or proof-of-concept
  • Any relevant tools, including versions used
  • Tool output
  • HTTPS configuration, including supported TLS versions
  • HTTP headers, for purposes including Strict Transport Security, Content Security Policy, and clickjacking/XSS protection
  • DNS records including those related to email (SPF, DKIM, DMARC) and certificate issuance (CAA)

Inkit Inc was audited by Prescient Assurance , a leader in security and compliance certifications for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provide risk management and assurance services which includes but not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, CSA STAR etc. For more information about Prescient Assurance, you may reach out them at info@prescientassurance.com