
Security & compliance

SOC 2 Type II audited. AES-256 at rest, TLS 1.3 in transit. GDPR, CCPA, FINRA-friendly. Customer data isolated, encrypted, and never sold.

Security posture in one paragraph

Infonet is a multi-tenant SaaS that handles LinkedIn outreach data for B2B sales teams. We encrypt all data at rest (AES-256) and in transit (TLS 1.3), isolate per-customer data via row-level access controls, run on SOC 2 Type II audited infrastructure (AWS in the US, Hetzner in the EU), and operate with a least-privilege access model for our own engineers. SOC 2 Type II report and DPA available on request for paid customers.

  • SOC 2: Type II audited (report on request)
  • AES-256: at-rest encryption
  • TLS 1.3: all connections in transit
  • 7 years: default message archive retention

Data handling

What we store

  • LinkedIn profile data your campaigns target (name, role, company, URL, public profile content)
  • Messages your account sends and receives via Infonet
  • Sequence configurations, voice library examples, campaign settings
  • OAuth tokens for connected services (LinkedIn session, CRM, email, calendar)
  • Audit log of every action taken in your workspace

What we never store

  • Your LinkedIn password — we use OAuth session cookies, never the password itself
  • Payment card data — processed by Stripe, never touches our servers
  • Plaintext API keys for connected services — encrypted at rest with per-customer keys
  • Personal data unrelated to outreach (we don't fingerprint, track for marketing, or build cross-customer profiles)

Encryption

All data at rest is encrypted with AES-256-GCM. Database encryption keys are managed via AWS KMS (US tenants) or HashiCorp Vault (EU tenants). All connections use TLS 1.3 with perfect forward secrecy. Internal service-to-service traffic is mutual-TLS authenticated.

Access controls

Within your workspace: role-based access (Admin, Manager, Rep) with audit logging. Custom roles available on Enterprise tier. SAML SSO via Okta, Azure AD, or Google Workspace on Enterprise tier.

Our internal access: principle of least privilege. Engineering-on-call has read access only when responding to specific support tickets, and every customer-data access is logged and reviewable. No engineer has bulk customer-data export rights without security-officer approval.

Compliance

SOC 2 Type II

Infonet has completed a SOC 2 Type II audit covering the Security, Availability, and Confidentiality trust principles. The report is available to any paid customer under NDA. Email security@infonet.co.

GDPR

EU customers and EU-data-subject prospects are handled under GDPR. We act as a data processor on your behalf. Standard Data Processing Agreement (DPA) available on request, signed counter-DPA returned within 5 business days. EU data residency available on Enterprise tier (Hetzner Frankfurt).

Data subject rights (access, deletion, objection) are honored within 30 days of request. See our GDPR posture guide.

CCPA

California residents have full rights to access, deletion, and opt-out of sale (we don't sell data, so opt-out is automatic). Privacy contact: privacy@infonet.co.

HIPAA

Infonet is not a HIPAA-covered entity and customers should not use Infonet to handle Protected Health Information. We sign Business Associate Agreements with healthcare-adjacent customers (e.g., medical device sales) where the use case is unambiguously B2B sales outreach without PHI exposure.

FINRA / SEC (financial services)

For financial advisor and RIA customers, Infonet's seven-year message archive, immutable record format, and exportable structure satisfy FINRA Rule 4511 and SEC requirements. Native exports to Smarsh, Global Relay, and Hearsay. See: Financial advisor use case.

Operational security

Hosting

US tenants: AWS (us-east-1, us-west-2). Multi-AZ database, encrypted EBS volumes, VPC isolation. EU tenants on Enterprise tier: Hetzner (Frankfurt + Falkenstein). Both providers SOC 2 / ISO 27001 audited.

Backups

Continuous database backups with 30-day point-in-time recovery. Cross-region backup replication. Quarterly disaster-recovery drills with documented RTO of 4 hours and RPO of 15 minutes.

Vulnerability management

Continuous dependency scanning (Snyk + GitHub Dependabot). Quarterly third-party penetration tests. Bug bounty program at security@infonet.co with rewards up to $5,000 for critical findings.

Incident response

Documented incident response plan with 24/7 on-call. Customer notification within 72 hours of any confirmed data incident, per GDPR Article 33 timeline. Public post-incident review within 30 days.

LinkedIn data and credentials

How we connect to LinkedIn

Infonet connects to LinkedIn via the user's authenticated session, not via your password. The integration uses LinkedIn's standard OAuth-equivalent flow during onboarding, and persistent session cookies thereafter. Your password never touches our infrastructure.

What we do with LinkedIn data

LinkedIn-sourced prospect data is stored for the duration of your campaign plus 12 months by default. Configurable retention available on Enterprise tier. Data is never shared with third parties, never used to train AI models that benefit other customers, and never sold.

Account safety

Per-profile dedicated home IPs, human-paced sending under LinkedIn's published limits, and proactive account-health monitoring. Restriction rate across our customer fleet with default safe-mode pacing: effectively 0%. See: Home IP architecture.

Subprocessors

The following subprocessors handle some portion of customer data. Full DPA addendums available on request.

  • AWS — primary infrastructure (US tenants), SOC 2 Type II, ISO 27001, HIPAA-eligible
  • Hetzner — EU infrastructure (Enterprise EU residency), ISO 27001
  • Stripe — payment processing, PCI-DSS Level 1
  • Anthropic — AI personalization model API, SOC 2 Type II
  • OpenAI — secondary AI personalization model API, SOC 2 Type II
  • Postmark — transactional email (signup confirmations, password resets), SOC 2 Type II
  • Sentry — error tracking, SOC 2 Type II
  • Datadog — observability, SOC 2 Type II

This list is updated as we add or remove subprocessors. Customers are notified 30 days in advance of any new subprocessor addition via email.

For security teams

Security questionnaires

We've completed SIG, CAIQ, and most enterprise security questionnaires. Recent questionnaire responses available within 5 business days of request.

Penetration test reports

Most recent pentest report (redacted, summary form) available to paid customers under NDA. Full reports available to Enterprise customers under MNDA.

Bug bounty

Reports to security@infonet.co. Scope: anything on infonet.co, app.infonet.co, and our public APIs. Rewards $50–5,000 by severity. Average response time: 4 business hours.

Security contacts

Need a SOC 2 report or DPA?

Available to paid customers and active prospects under NDA.

Email security@infonet.co