Data Security & Compliance

At indigitall, we understand that security is the foundation of digital trust. We maintain a robust security posture by adhering to the world's most stringent regulatory frameworks and industry standards. Our commitment to protecting our clients' data is validated by continuous independent audits and rigorous internal protocols. The following certifications and compliance standards reflect our unwavering dedication to operational excellence, data privacy, and the highest levels of system availability for our global enterprise partners.

Certifications & Compliance

SOC 2 Type II

Audited

indigitall is SOC 2 Type II certified, following an independent audit based on the AICPA Trust Services Criteria. This report validates that our security, availability, and confidentiality controls operate effectively over time, ensuring the highest level of security for our Marketing Automation SaaS Platform.

Report Date: 01/20/2026 // Audit Period: 08/15/2025 to 11/14/2025
www.aicpa.org/soc4so

ISO/IEC 27001:2022 – Information Security Management System (ISMS)

Certified

This certification validates our systematic approach to managing information security risks through robust policies, technical controls, and continuous improvement processes applied to our SaaS Marketing Automation services.

Initial Certification Date: 07/24/2020 >> Current Validity: Until 07/23/2026

GDPR / LOPDGDD Compliance

Compliant

indigitall has undergone an external verification of compliance with EU Regulation 2016/679 (GDPR) and the Spanish Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD). This verification accredits the implementation of appropriate technical and organizational measures to ensure the security, confidentiality, and lawful processing of personal data.

Verification Date: 09/19/2025 >> Valid Until: 09/19/2026

HIPAA Compliant

Compliant

indigitall has successfully completed a HIPAA compliance audit for its Encrypted Push Notification Service.

The audit report confirms the successful implementation of administrative, technical, and physical safeguards to secure Protected Health Information (PHI). This ensures our service aligns with the requirements of the U.S. Health Insurance Portability and Accountability Act (HIPAA).

Final Audit Report Date: 05/22/2025

BAA - HIPAA ready

BAA Ready

indigitall is HIPAA-ready, enabling us to sign Business Associate Agreements (BAAs) with U.S. healthcare organizations, digital health platforms, and insurers. We fully comply with the HIPAA Security Rule to ensure the secure processing of Protected Health Information (PHI) across our platform. To safeguard PHI, our compliance infrastructure includes:

  • Formal Risk Assessment & Officer Designations (Privacy Officer and Security Officer).
  • Breach Notification Policy & Incident Response Runbook.
  • Sanctions Policy & Documented Workforce Training.
  • Sub-Processor Inventory with active BAAs.

National Security Framework (ENS) - HIGH Category

Certified · HIGH

indigitall is certified under the National Security Framework (ENS) in the HIGH category, in accordance with Royal Decree 311/2022.

This certification verifies that the information systems supporting our SaaS Marketing Automation Platform meet the most stringent security requirements across five key dimensions: confidentiality, integrity, availability, authenticity, and traceability. This level of certification is required by the Spanish Public Administration and major global organizations.

Issue Date: 04/08/2025 >> Expiration Date: 04/07/2027

Core Security Practices

Our security framework is built on a comprehensive, multi-layered approach to protect data at every level.

Information Security

We employ a Secure Software Development Lifecycle (SSDLC), role-based access control (RBAC) with multi-factor authentication (MFA), and strict data classification policies to prevent unauthorized access.

Web Security Audit (Vulnerability Assessment)

This certification validates that our platforms and applications have undergone rigorous technical auditing, adhering to OWASP, PTES, and OWISAM industry standards, to identify and remediate vulnerabilities. This ensures the security and resilience of our SaaS marketing automation services.

Data Protection & Privacy

Our systems are built on "Privacy by Design" principles and guided by proactive responsibility. We ensure compliance with major data protection regulations—including GDPR, Spain's LOPDGDD, and other applicable market laws—while practicing data minimization and giving users full control over their data rights.

Encryption & Key Management

All data is encrypted in transit using strong protocols like TLS 1.2+ and at rest using robust algorithms such as AES-256. We follow rigorous key management and rotation protocols to safeguard cryptographic keys.

Business Continuity & Resilience

We ensure high availability with redundant backups, documented recovery plans (DRP/BCP), and clear RTO/RPO targets. Our resilient infrastructure is built on Google Cloud, a platform that meets rigorous, internationally recognized certifications and compliance standards.

Physical Security

Access to our facilities and data centers is strictly controlled and monitored 24/7. We enforce clean desk policies and secure, documented hardware disposal procedures.

Culture, Transparency & Contact

Training & Awareness

Security is a shared responsibility. All employees undergo mandatory annual cybersecurity training, continuous awareness campaigns, and practical simulations to ensure our team serves as the first line of defense.

Transparency

We believe in full transparency. We provide clients with updated documentation on our security practices and maintain a dedicated, specialized channel for any security and compliance inquiries.