Reports are evidence. We treat them that way.
Every photograph, observation, and edit is recorded with a chain of custody we'd be comfortable producing in a courtroom — because customers do.
Compliance
SOC 2 Type II
Audited by an independent firm. Report available under NDA — see the SOC 2 page to request access.
GDPR & UK GDPR
EU customer data stored in Frankfurt. Standard Contractual Clauses available. See the DPA.
CCPA / CPRA
California consumer rights honored across all customers. Send requests to privacy@inspectgenius.tech.
Security posture
Encryption
AES-256 at rest, TLS 1.3 in transit. Per-tenant encryption keys managed in AWS KMS. Photos encrypted on the inspector's device before upload.
Authentication
SSO via SAML 2.0 (Okta, Azure AD, Google Workspace) on enterprise plans. Hardware security keys supported. Mandatory MFA for admin and legal roles.
Access controls
Production access limited to a small on-call rotation, gated by hardware key + ticket. All access logged and reviewed quarterly.
Audit logging
Every report edit is recorded: who, what, when, from where. Retained for 7 years to support legal admissibility.
Sub-processors
We use a short list of vetted sub-processors. Customers are notified by email at least 30 days before any change.
| Provider | Purpose | Region |
|---|---|---|
| Amazon Web Services | Cloud infrastructure | us-east-1, eu-central-1 |
| Cloudflare | Content delivery, DDoS protection | Global |
| Stripe | Payment processing | United States |
| Postmark | Transactional email delivery | United States |
| Linear | Internal issue tracking (no customer data) | United States |
| Datadog | Application monitoring (anonymized telemetry only) | United States |
Vulnerability disclosure
We welcome reports from security researchers. Send technical details to security@inspectgenius.tech using our PGP key (fingerprint 9F2A 1B4D 7E36 8C82 5044 6F1A 3B92 C7E5 D81F 4A6B). We'll acknowledge within 48 hours and aim to remediate critical issues within 14 days.
We don't run a paid bounty program yet, but we publicly credit reporters and send a small token of appreciation for valid reports.
Status & reliability
Live system status: status.inspectgenius.tech. Enterprise customers are covered by a 99.95% uptime SLA with credits.