App
Docs/Security/Security Overview
Security

Security Overview

How Inpera protects your data.

2 min read

Security Overview

Security is a core priority at Inpera. Here's how we protect your data.

Data Storage

  • Cloud Database: All data is stored in secure cloud infrastructure
  • Encryption at Rest: Data is encrypted using industry-standard encryption
  • Encryption in Transit: All connections use TLS 1.2+

Authentication

User Authentication

  • Email/password with secure hashing
  • JWT-based sessions with HTTP-only cookies
  • Token refresh and blacklisting
  • Password reset with OTP verification

API Authentication

  • JWT bearer tokens for authenticated endpoints
  • Project keys for embed script and public endpoints
  • Token expiration and rotation support

SSO (Coming Soon)

Single Sign-On support is planned for the next version and will be available on all plans.

Privacy

Embed Script Privacy

The embed script is designed with privacy in mind:

  • No input values captured: Only input type and length are recorded
  • No storage access: Never reads cookies, localStorage, or sessionStorage
  • No console logging: Production builds have no console output
  • Fail-safe operation: Never breaks website functionality

Data Minimization

  • Text content is trimmed to 100 characters
  • Only necessary DOM metadata is collected
  • Events are batched and deduplicated

Access Control

Organization-Based Access

  • Users belong to organizations
  • Projects are scoped to organizations
  • Role-based permissions per organization

Project-Level Permissions

  • Project keys for external access
  • Read-only vs. full access controls
  • Invitation-based team member access

Infrastructure

  • Cloud-hosted: Reliable cloud infrastructure
  • Regular backups: Automated database backups
  • Monitoring: 24/7 infrastructure monitoring

Compliance

Current Status

  • No SOC 2 certification at this time
  • GDPR-compliant data handling practices
  • Regular security reviews

Reporting Issues

Report security vulnerabilities to: [email protected]

We take all security reports seriously and will respond promptly.

Best Practices

For Developers

  1. Keep project keys secure - don't commit to public repos
  2. Use environment variables for API credentials
  3. Rotate API keys periodically
  4. Monitor API usage for anomalies

For Organizations

  1. Use strong passwords
  2. Review team member access regularly
  3. Remove access when team members leave