Security Overview
Security of your content, metadata, and information held within iconik is our highest priority. As an iconik customer you benefit from iconik's security model, infrastructure, compliance to standards and development helps keep you content and related information secure and you in control.
We comply with the latest General Data Protection Regulation (GDPR) across iconik.
Sometimes we need to share user data with third parties in order to deliver a better service. Third parties systems where we remove all user identifiable data include:
- Google Analytics
- Segment
- Mixpanel
- Sentry
For more information and a detailed list of all subcontractors, please see Appendix 1, section 5 of the Data Processing Agreement.
We do not store credit cards ourselves but utilise Stripe to provide services for managing your billing, credit card information and invoicing. We are PCI-DSS compliant, and you can find our PCI-DSS SAQ-A here
Our information security program is aligned with ISO 27001, but we are not ISO 27001 certified.
We perform regular penetration testing and security audits to ensure that we are up to date with the latest security standards and best practices. iconik has been audited by a third party for SOC2 compliance. We can share both an executive summary of our latest pen test and the SOC2 report under NDA. Please contact us via the Support form below for more information.
Security Model
iconik's security model is built to provide you control whilst being secure from the outset.