Inigo Security

Last updated: June 30, 2016

The security of Inigo, LLC is described below as of the date of this document. Any future security measure will only INCREASE security, or more precisely be more secure, and notice will be sent to the email address provided on this document 60 days before such security measures are implemented. These security measures complement the found on both our Android and iPhone, Desktop, Team and Partner product pages.

Servers

Inigo App is hosted by Winhost, a premium Windows hosting provider. The physical machines are located in a state-of-the-art secure data center in the Los Angeles area of California. Only Winhost staff have physical access to the machines.

Facility

  • Concrete Tilt-Up Construction
  • 24 inch raised floor
  • Steel Seismic Bracing added to meet the 1997 Seismic / Earthquake codes (Title 24 Seismic) for Los Angeles area
  • All racks / cabinets are seismically braced and bolted directly to the concrete flooring
  • Dimax – Building Management / Alarm Monitoring System
  • Power and data cables are run perpendicular to each other to minimize any electrical field interaction
  • Janitorial service is bonded, insured and licensed

Security

  • 7/16 inch thick steel sheeting around the front door and within the front reception area
  • 2 level, man-trap, security access – before actually being able to enter the raised floor area
  • 256+ fixed-position security cameras
  • All camera footage is recorded and held for a minimum of 30 days
  • Level 5 bullet-resistant walls / glass (Kevlar Lined walls) in the front entry, lobby, guard station, and shipping and receiving areas
  • 24 x 7 x 365 on-site security guards
  • Security service is bonded
  • No signage on building

Webview

One of Inigo App’s components displays a user’s Digital Business Cards (hereafter DBCs) in a web browser. Each DBC has a public URL. To harden the DBC URLs against web crawling and hacker scanning, each URL is unique, long and MD5 encrypted (e.g. https://inigoapp.com/m/public/profile/28423A6D33E7C2D6E59234F34567EAEF). Images and other media assets are served by Amazon’s AWS CloudFront Content Distribution Network to ensure fast and safe content delivery at high speed with low latency.

Mobile App

User authentication is required to make any changes to a user’s Account, DBCs or Contacts. Authentication is done using 2 main methods: Social Network OAuth (Facebook, LinkedIn, Twitter and Google Plus) and traditional Email activation.

  • Social Network OAuth - the user authenticates using a social network of choice. Inigo retrieves the necessary user information provided by the social network to log the user in.
  • Email activation - the user provides an email address to Inigo. Inigo sends a validation email to the address and issues a unique activation link. Once the link is activated, Inigo authenticates the user and logs them into the App.
  • User may decide to log out of Inigo at any time.
  • A Device Token is issued at the time of installation. The Inigo Server keeps track of the user’s devices and can invalidate a device at any time to prevent it from communicating with the server.
  • Distribution of the production app is done using Google Play and Apple App Store only. The App complies with the standards and best practices dictated by Google and Apple to be part of the stores.

Web API

All backend communication between the Web API hosted on the server and a Mobile Device is done over Secure Sockets Layer (SSL) with a certificate signed by GeoTrust. Inigo keeps a log of all Client - Server communications and Web requests.

Software Development

The development team puts the highest priority on user privacy and data security.

  • Inigo provides the developers with the latest training materials from industry thought leaders to make sure the team is up to date with current best practices in secure software development.
  • As company policy, the Engineering team chooses the stronger/safer alternative during both the design and the implementation phases.
  • Each new feature and capability is examined for its security implications.
  • Development is done on a development database, not the production one, to prevent data leaks and abuse by the development team.
  • If a reported defect requires an investigation involving a specific user’s account, the user is contacted and permission is requested to proceed with the investigation.

Conclusion

In conclusion, security is a moving target and no system is 100% safe, as proven by countless examples. Inigo does its best to ensure data security and prevent data leaks. Inigo implements the industry best practices, carefully selects its vendors, partners and employees, and checks, validates and improves the security model on an ongoing basis.

...