Trust

Immersa is SOC 2 Type II Compliant

We respect the privacy and security of all customer data that we touch. Immersa utilizes enterprise-grade best practices to protect our customers’ data. We are now SOC 2 Type II compliant. The compliance report is available on request under NDA.

Continuous Security Control Monitoring

Immersa continuously monitors 100+ internal security controls across the organization against the highest possible standards. Automated alerts and evidence collection allow Immersa to confidently prove its security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.

Employee Trainings

Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

Penetration Tests

Immersa works with industry-leading security firms to perform annual network and application layer penetration tests.

Secure Software Development

Immersa utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Data Encryption

Data is encrypted both in-transit using TLS and at rest.

Vulnerability Disclosure Program

If you believe you’ve discovered a bug in Immersa’s security, please get in touch at PeopleFirst@immersa.co. Our security team promptly investigates all reported issues.

Unique Architecture

We believe companies should have control of their data and our architecture is designed around accessing only the data we need and storing it temporarily for no longer than we need to. The underlying cloud platforms and services we use maintain industry-standard certifications and ensure the highest level of care for your data. Our overall architecture has 3 simple components:

• Execute the needed queries to access your data
• Store data temporarily while we process and analyze the information
• Transfer the data back to your systems of record

Internal Security

We complete regular reviews and pen tests using trusted security vendors, as well as regular audits to ensure you have complete peace of mind. We encrypt all data at rest using standard AES-256 encryption algorithms and use recent TLS versions for all connections between systems while never relying on self-signed certificates.

Least Privilege is the Best Privilege

At Immersa, we believe that least privilege is the best privilege. When we request access to your data, we specify the minimum scope needed for us to do what we need and that access can be revoked at any time as needed.

Caring for Your Data is Our Top Priority

Customer data is stored in secure enterprise-grade public clouds such as Google Cloud, Microsoft Azure, and Amazon Web Services. Access to your data is defined by attribute-based access controls—allowing users, owners, and admins to have fine-grained application access control far more advanced than traditional role-based application security models. Our policies for internal employees ensure safe and compliant handling of user data.