Security
At indigitall, we build on a foundation of security, privacy, and trust. We weave a security-by-design approach into every stage of our solutions lifecycle, orchestrating people and technology into a constantly evolving defense system. This strategy guarantees that data protection and service continuity remain integral to our DNA, rather than secondary considerations.
Certifications & Compliance
Our commitment to global security standards is validated by internationally recognized certifications. These provide independent verification of our security controls and processes.
National Security Framework (ENS) - HIGH Category
indigitall is certified under the National Security Framework (ENS) in the HIGH category, in accordance with Royal Decree 311/2022.
This certification verifies that the information systems supporting our SaaS Marketing Automation Platform meet the most stringent security requirements across five key dimensions: confidentiality, integrity, availability, authenticity, and traceability. This level of certification is required by the Spanish Public Administration and major global organizations.
Issue Date: 04/08/2025 >> Expiration Date: 04/07/2027
ISO/IEC 27001:2022 – Information Security Management System (ISMS)
This certification validates our systematic approach to managing information security risks through robust policies, technical controls, and continuous improvement processes applied to our SaaS Marketing Automation services.
Initial Certification Date: 07/24/2020 >> Current Validity: Until 07/23/2026
HIPAA Compliant
indigitall has successfully completed a HIPAA compliance audit for its Encrypted Push Notification Service.
The audit report confirms the successful implementation of administrative, technical, and physical safeguards to protect Protected Health Information (PHI). This ensures our service aligns with the requirements of the U.S. Health Insurance Portability and Accountability Act (HIPAA).
Final Audit Report Date: 05/22/2025
GDPR / LOPDGDD Compliance
indigitall has undergone an external verification of compliance with EU Regulation 2016/679 (GDPR) and the Spanish Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD). This verification accredits the implementation of appropriate technical and organizational measures to ensure the security, confidentiality, and lawful processing of personal data.
Verification Date: 09/19/2025 >> Valid Until: 09/19/2026
Core Security Practices
Our security framework is built on a comprehensive, multi-layered approach to protect data at every level.
- Information Security: We employ a Secure Software Development Lifecycle (SSDLC), role-based access control (RBAC) with multi-factor authentication (MFA), and strict data classification policies to prevent unauthorized access.
- Data Protection & Privacy: Our systems are built on "Privacy by Design" principles and guided by proactive responsibility. We ensure compliance with major data protection regulations—including GDPR (see document), Spain's LOPDGDD, and other applicable market laws—while practicing data minimization and giving users full control over their data rights.
- Encryption & Key Management: All data is encrypted in transit using strong protocols like TLS 1.2+ and at rest using robust algorithms such as AES-256. We follow rigorous key management and rotation protocols to safeguard cryptographic keys.
- Business Continuity & Resilience: We ensure high availability with redundant backups, documented recovery plans (DRP/BCP), and clear RTO/RPO targets. Our resilient infrastructure is built on Google Cloud, a platform that meets rigorous, internationally recognized certifications and compliance standards. This infrastructure features automatic resource scaling for optimal performance. To ensure low latency and meet regulatory requirements, resources are strategically deployed in regional data centers in the EU or the US, based on client location.
- Physical Security: Access to our facilities and data centers is strictly controlled and monitored 24/7. We enforce clean desk policies and secure, documented hardware disposal procedures.
Culture, Transparency & Contact
- Training & Awareness: Security is a shared responsibility. All employees undergo mandatory annual cybersecurity training, continuous awareness campaigns, and practical simulations to ensure our team serves as the first line of defense.
- Transparency: We believe in full transparency. We provide clients with updated documentation on our security practices and maintain a dedicated, specialized channel for any security and compliance inquiries.
