Introvy
Sign In
📄

Security Policy

Last updated: 5/13/2026

Security and Data Breach Notification Policy

Effective Date: April 27, 2026 Last Updated: April 27, 2026

1. Security Commitments

Introvy implements and maintains industry-standard technical and organizational security measures to protect user data, including:

  • Encryption in transit: All data transmitted between your browser and our servers uses TLS 1.2 or higher
  • Encryption at rest: Sensitive data is encrypted in storage
  • Access controls: Least-privilege access principles; employees and contractors access only the data needed for their role
  • Authentication: Secure session management and authentication for all user accounts
  • Infrastructure: Hosted on Vercel (frontend), Render (backend), and Supabase (database) — all enterprise-grade platforms with their own security certifications
  • Monitoring: Continuous logging and monitoring of platform activity
  • Dependency management: Regular review and updating of third-party dependencies

2. Data Breach Notification

In the event of a confirmed personal data breach that affects your data:

  • We will notify affected users without undue delay and within any timeframes required by applicable law
  • Notification will be sent to the email address associated with your account
  • Notification will include: the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed
  • For breaches affecting EEA/UK residents, we will notify the relevant supervisory authority as required by GDPR

3. Responsible Disclosure

If you discover a security vulnerability in the Introvy platform:

  • Do not exploit it or access data beyond what is necessary to confirm the issue
  • Do not disclose it publicly before giving us reasonable time to address it
  • Report it to: hello@introvy.ai with subject line: Security Vulnerability Report

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your contact information

We will acknowledge receipt within 48 hours and work to address confirmed vulnerabilities promptly. We do not currently offer a formal bug bounty program, but we recognize responsible disclosures.

4. Third-Party Subprocessors

Introvy uses third-party services to operate the platform. These subprocessors have their own security certifications and are bound by data processing agreements. Key subprocessors:

  • Supabase — database and authentication (SOC 2 Type II)
  • Vercel — frontend hosting (SOC 2 Type II)
  • Render — backend compute
  • Stripe — payment processing (PCI DSS Level 1)

5. User Responsibilities

You are responsible for:

  • Keeping your login credentials confidential
  • Using strong, unique passwords
  • Notifying us immediately of unauthorized account access at hello@introvy.ai
  • Ensuring devices used to access Introvy are reasonably secured

6. Contact

Security inquiries: hello@introvy.ai

Introvy Solutions Inc New Lenox, IL, United States

Other Legal Documents

Privacy PolicyTerms of ServiceCookie NoticeAccessibility StatementData Processing AddendumDisclosuresDMCA PolicyLegal ContactAcceptable Use PolicyAI Content DisclaimerCandidate Video ReleaseSubprocessorsInternational Data Transfers

Cookies & local storage

We use strictly necessary cookies for sign-in, plus optional analytics that we never load until you say yes. We never load advertising trackers. Learn more.