Security

We treat security with the utmost importance here at Interseller. Here’s what we do to keep all of our data safe.

Encryption.

  • All requests to Interseller, including any interim connections across Interseller’s infrastructure, are secured with HTTPS and/or SSL. Any connection or request using an unsecured protocol, like HTTP, is redirected to its secure counterpart or terminated.
  • Interseller uses HSTS, a protocol supported by well-known browsers that tells them our website uses HTTPS and lets them enforce it, ignoring HTTP.
  • All data and customer data is encrypted at rest and encrypted in transit.
  • All secret keys and customer keys (e.g. integrations) are encrypted with hardware security modules (HSM) for extra protection.
  • Credit cards are stored and processed securely with Stripe, which is PCI Level 1 compliant.

Infrastructure.

  • All data is hosted and secured in a private environment. All publicly facing endpoints and IP addresses are firewalled.
  • Access to our environment requires two-factor authentication and is allowed only from well-known employee IP addresses. Access attempts are logged securely and audited in real time.
  • We utilize denial of service (DOS) protection services and web application firewalls (WAF) to ensure our services are protected from attacks.
  • Our infrastructure is audited automatically and our team follows a strict 30-day SLA to patch all infrastructure vulnerabilities.

Compliance.

  • Greenhouse is Data Privacy Framework (EU-U.S.; UK Extension to the EU-U.S.; and Swiss) certified and complies with the EU General Data Protection Regulation (GDPR). Please visit https://www.greenhouse.com/data-processing-addendum if you would like to access and sign our DPA.

Inbox Access.

  • Interseller has access to your inbox so that we can send emails on your behalf and know when your contacts in Interseller reply back to you.
  • Interseller does not store any copies of your inbox on its servers. Interseller does keep copies of emails we send on your behalf and the first response from a contact directly to an email we’ve sent.

Third Parties.

  • Interseller utilizes third parties to help us with support and account management services.
  • Data shared with our third parties is limited to name and email address only. Absolutely no email data is ever shared with our partners.
  • Interseller periodically audits its third parties and partners to ensure that our customer data is kept secure.

Internal Policies.

  • We enforce two-factor authentication (2FA) with all sensitive data processors such as Slack, G Suite, Intercom and Stripe.
  • We utilize a password manager to secure online accounts and share them across our team.
  • We go through yearly scheduled security testing including security assessments with our partners. To obtain a copy of our report, please email privacy@interseller.io.
  • Greenhouse is SOC 2 certified and has finished its Type 2 audit. To obtain a copy of our report, please email privacy@interseller.io.
  • All employees and contractors sign a non-disclosure agreement.

Bounty Program.

We ask security researchers to report any security exploit to our HackerOne page under app.greenhouse.io. Qualifying reports will be answered within 5 days and will be paid on patch release. Reward amounts will depend exclusively on the severity of the vulnerability and have an upper limit of $500.00 USD. We do not reward researchers for the following:

  • DOS;
  • Automated scripts;
  • Mixed-content scripts;
  • Social engineering;
  • Regular bugs;
  • Email flooding;
  • Input
  • Or not adhering to “best practices”

Please include the following information when submitting a report:

  • Technical details of the vulnerability. Please include step-by-step instructions so we can reproduce it on our side. A video is greatly appreciated.
  • Scope and impact of the vulnerability including what type of data an attacker can access.