Information Security Policy
We take your security and privacy seriously. That is why we have created the safest possible processes available to ensure that our service is stable and that there are no security gaps.
The Instapage Information Security Policy is based on the ISO/IEC 27001 standard.
Communication and Operation Management
Instapage is a cloud-based solution, serviced by Google and Amazon cloud services. All stored and transferred data is encrypted.
On certain Instapage plans, SSL certificates are available for all custom domains at no additional cost. SSL certificates for all landing pages created on any custom domain are available.
This feature gives users the ability to verify that a website is valid and authentic, confirms that the connection is from a legitimate website, and that all interactions between the browser and the website are secure and encrypted.
If you operate in a sector that adheres to strict security and privacy standards (e.g. PCI-DSS or HIPAA), or collect information and transact, our SSL feature makes it easy to satisfy security policies laid out by your IT and/or legal teams.
Each time a user signs into instapage.com, they receive a unique session identifier. Each session identifier is 64-bytes of random data to protect against brute force logins.
When signing out, the session cookie is deleted and the session identifier is invalidated on all Instapage servers.
Instapage regularly updates its network architecture schema and data flows between systems.
Firewall rules and access restrictions are reviewed for appropriateness on a regular basis.
All hosts run centrally managed endpoint protection software, this includes:
- Antivirus (regularly updated with security patches)
- Full disk encryption
- Browser check
- Host intrusion prevention system to control and prevent unknown or suspect network flow
Access to a customer’s information is restricted within Instapage and is only authorized for the purposes of providing direct customer support or for future product enhancements. Under no circumstances is sensitive customer data shared with anyone outside of Instapage and its subcontractors.
Add multiple users with different roles and choose which of your client accounts can be accessed without having to share your private login details.
System Development and Maintenance
Instapage security meets OWASP standards for software and adheres to all applicable legal, statutory, or regulatory compliance obligations.
Information Security Incident Management
Instapage has a rapid response Security Incident Response Plan designed to quickly and systematically respond to any security incidents that may arise. The incident response plan is tested and refined on a regular basis.
Business Continuity Management
Our infrastructure is designed to provide stability and to minimize service interruption due to hardware failure, natural disaster, or other catastrophes.
To help ensure availability in the event of a disaster, we replicate data across multiple data centers.