Security at Inkit

Our users place a high level of trust in Inkit to manage mission critical infrastructure. The security of customer data, of our products, and our services are a top priority. Inkit's best-in-class security starts at the foundational level and includes internal threat models, routine internal and external security assessments, and secure software development.

Security Team

Inkit has a team of security professionals dedicated to securing, protecting and hardening the security of the company and its products. Our security pillars hinge on monitoring, risk analysis, and mitigation through:

  • Detection & Response
  • Governance, Risk and Compliance (GRC)
  • Cloud Security Hardening
  • Product Security Hardening

Compliance Program

We have a team dedicated to our compliance program and are committed to providing our customers with all relevant security documentation to build a foundation of trust in our company and products. We are in the final stages of our SOC 2 certification.

📘

Our Data Processing Addendum

DPA can be accessed here

If you have any additional questions around our security program, please email [email protected]

Penetration Testing

Inkit hires reputable external, third parties to perform regular security assessment and penetration testing of our products. Please email [email protected] for those reports.

Security Updates & Vulnerability Alerts

Inkit publishes security updates, which address security vulnerabilities and enhancements.
This is directly accessible at https://docs.inkit.com/changelog

Please consider subscribing to email notifications or RSS for all security updates.

Vulnerability Reporting

We deeply appreciate any effort to discover and coordinate the disclosure of security vulnerabilities. We do have a bug bounty program and invite participation.

If you would like to report a vulnerability in one of our products or services, or have security concerns regarding Inkit systems, please email [email protected].

To support a timely and effective response to your report, please include any of the following:

  • Steps to reproduce or proof-of-concept
  • Any relevant tools, including versions used
  • Tool output

Inkit takes all vulnerability reports very seriously and aims to rapidly respond and verify the vulnerability before taking the necessary steps to address it. After an initial reply to your disclosure, which should be directly after receiving it, we will update you periodically with our response and remediation status.

Security issues that we have already assessed for risk and will address include:

  • HTTPS configuration, including supported TLS versions
  • HTTP headers, for purposes including Strict Transport Security, Content Security Policy, and clickjacking/XSS protection
  • DNS records including those related to email (SPF, DKIM, DMARC) and certificate issuance (CAA).

Did this page help you?