Security & Scalability
  • 13 Jan 2020
  • 3 Minutes To Read
  • Contributors
  • Print
  • Share
  • Dark

Security & Scalability

  • Print
  • Share
  • Dark

We at inFeedo understand the seriousness of security and we strive to exceed the industry standard when it comes to protecting your data.


For any password protected file please contact

1. inFeedo and the EU General Data Protection Regulation (GDPR)

inFeedo is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well. A copy of the report is available upon request at

2. SOC 2

Controls over security, availability, and confidentiality.
A copy of the SOC 2 summary report is available for our existing customers upon request at

3. ISO 27001:2013

Provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.
A copy of the ISO certificate is available upon request at

4. Bi-annual VAPT Audit

Vulnerability Assessment and Penetration Testing (VAPT) are both security services that focus on identifying vulnerabilities in the network, server and system infrastructure.
A copy of the report is available upon request at

5. Annual Cloud Penetration Audit

The test identifies vulnerabilities (loopholes) on a system, network, or an application, and subsequently attempts to exploit those vulnerabilities.
A copy of the report is available upon request at


The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. We do this through a third party channel - Razorpay. You can check their privacy policies here.

7. Data Encryption

  • Each customer on our system has an encryption key which is generated as soon as first user signs / logs in up from that client.
  • This key is stored in our database, which is itself encrypted using AWS HSM.
  • When a user makes a request to our application, the corresponding client's key is fetched from database, decrypted by AWS HSM, and assigned to that user.
  • Using that key, any content created/read by that user is encrypted/ decrypted at the run time.
  • As soon as the request/response cycle completes, the key is destroyed.

8. Amazon Web Services (AWS) Hardware Security Module (HSM)

  • AWS Cloud HSM service helps us meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud.
  • CloudHSM complements existing data protection solutions and allows us to protect encryption keys within HSMs that are designed and validated to government standards for secure key management.
  • CloudHSM allows us to securely generate, store, and manage cryptographic keys used for data encryption.

9. Audit Logging and Monitoring Data Access Policy

inFeedo maintains an extensive centralised logging environment in its production environment which contains information pertaining to security, monitoring, availability, access and other metrics about the services. These logs are analysed for security events via automated monitoring software, overseen by the security team.

10. External Security Audits

We engage respected external security firms who perform regular audits of the inFeedo services to verify that our security practices are sound and to monitor our services for new vulnerabilities discovered by the security research community.

11. Business Continuity Plan (BCP) & Disaster Recovery (DR)

Customer Data is stored redundantly in multiple locations in our hosting provider’s data centres to ensure availability. We have well-tested backup and restoration procedures which allow recovery from a major disaster. Customer Data and our source code are automatically backed up every night. The operations team is alerted in the event of a failure in this system.
A copy of the report is available upon request at

12. Technology Stack

  • Backend - NodeJS
  • Frontend - AngularJS and React JS
  • AI - R and Python
  • Database - Mysql
  • Cache Store - Elasticache
  • Cloud Infra - AWS

13. Scalability


Was This Article Helpful?