Privacy Policy

InsideOut has made it a priority to protect user data and we have implemented processes and procedures to ensure we meet both our Data Controller and Data Processor obligations under the European Union’s (EU) General Data Protection Regulation (GDPR).

InsideOut has conducted a risk-based gap analysis to determine our readiness for GDPR of our current capabilities and validated the assessment by implementing new policies, conducted employee training sessions and deployed additional features on our website to safeguard Data Subject data.

InsideOut has strong data protection systems and controls, including encryption of data in transit and at rest, to safeguard the Data Subject’s data from unintended disclosure or misuse. InsideOut follows industry standard best information security practices and rigorously tests its systems to proactively remedy vulnerabilities. InsideOut maintains incident response and notification processes which are reviewed and tested annually. InsideOut has procedures in place to ensure data recovery and data integrity, so that customer data is not lost or inadvertently corrupted.

InsideOut’s key data sub-processors, e.g. Amazon Web Services (AWS) and Salesforce, all maintain rigorous security standards (SOC2 and/or ISO 27001 certifications, where possible), and undergo annual vendor reviews.

It is important to note that GDPR does not have an accredited certification method. That means, there is no GDPR-approved way to demonstrate compliance. If you have questions regarding our compliance, please see the GDPR section on our Contact page to reach our Data Protection Officer to provide assistance and gladly answer any questions you may have in a timely fashion.

If you or your company wish to have their data completely removed from our systems, please email support@insideoutlab.com.

It is important to understand your rights in relation to the GDPR regardless of where you or your organization reside. For more information on GDPR, please contact our Data Protection Officer or visit General Data Protection Regulation (EU) 2016/679.