Last updated: October 19, 2025
Security and privacy are foundational to everything we build. Ivandt is designed with a privacy-first architecture and runs on enterprise-grade infrastructure trusted by the world's most regulated industries.
Ivandt's SDK processes data locally in your users' browsers by default. Files are parsed, validated, and transformed entirely client-side—meaning sensitive data never leaves the user's device unless explicitly submitted to your systems.
Local-first processing: All file parsing, validation, and transformation happens in the browser
Zero silent uploads: Data is only transmitted when users explicitly submit
Your infrastructure, your control: Send data directly to your APIs—we never see it
Ivandt is built on SOC 2-certified infrastructure providers, ensuring your data benefits from industry-leading security controls and compliance frameworks.
Certified infrastructure: All hosting, database, and storage providers maintain SOC 2 Type II certification
Global edge network: Content delivery and DDoS protection from ISO 27001-certified providers
HIPAA-eligible services: Healthcare-grade infrastructure for sensitive data processing
Regular audits: Our infrastructure partners undergo continuous third-party security assessments
When you choose to use Ivandt's optional storage features, your data is protected with multiple layers of encryption and access controls.
Encryption in transit: TLS 1.3 for all data transmission
Encryption at rest: AES-256 encryption for stored data
Isolated tenancy: Complete data isolation between customers
Secure key management: Cryptographically secure API keys with domain restrictions
Ivandt implements defense-in-depth authentication with multiple layers of validation and authorization.
Two-key architecture: Separate secret keys (server-side) and public keys (client-side) with different permissions
Origin validation: Public keys are restricted to specific domains to prevent unauthorized use
Short-lived sessions: JWTs with configurable expiration (default 15 minutes)
Comprehensive audit trails provide visibility into all data operations, supporting compliance with GDPR, CCPA, and other privacy regulations.
Immutable audit logs: Every data operation is logged with timestamp, user, and action details
GDPR & CCPA ready: Built-in APIs for data subject access and deletion requests
Data retention controls: Configurable retention policies with automated deletion
Activity monitoring: Track user actions, API calls, and data access patterns
Regular security updates: Dependencies and infrastructure are continuously monitored and updated
Secure development lifecycle: Code reviews, automated security scanning, and vulnerability testing
Incident response: Documented procedures for security incident detection and response
Third-party audits: Regular security assessments by independent auditors
Employee training: Security awareness and best practices training for all team members
Ivandt is built to support compliance with major regulatory frameworks:
GDPR (General Data Protection Regulation): Privacy by design, data subject rights, audit trails, and data processing agreements
CCPA (California Consumer Privacy Act): Consumer data rights, deletion capabilities, and transparency requirements
HIPAA-eligible infrastructure: Built on HIPAA-compliant services for healthcare data processing
SOC 2 foundations: Security controls aligned with SOC 2 Trust Service Criteria, running on SOC 2-certified infrastructure
Note: While Ivandt's infrastructure providers maintain SOC 2, ISO 27001, and other certifications, Ivandt as a company is in the process of obtaining independent certifications. We're committed to achieving formal compliance as we scale. For enterprise customers requiring specific certifications, please contact us to discuss your requirements.
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:
For security inquiries, compliance documentation, or to discuss enterprise security requirements, contact us at security@ivandt.com.