In addition, we are committed to delivering the highest levels of standards conformance and regulatory compliance as part of our ongoing mission to address the most demanding security and privacy requirements in the world.
More and more organizations—from commercial startups to public utilities for entire nations—trust Inrupt with their sensitive applications and data to enable safe innovation and market expansion.
Inrupt is a Solid provider of enterprise-grade support for security and privacy
Solid is an open standard to build custom implementations
Solid is web-native and embodies the principles of the web, especially universal access
Trust by Design
At Inrupt, we believe that in order to move from the well-intentioned verbiage of current privacy laws to the actual implementation of effective user privacy, we need to design and build technology that enables real structural change.
Inrupt utilizes the personal data store (Pod) model of Solid to operationalize a fundamentally new framework for data privacy and security, to help our clients build trust throughout the lifecycle of personal data. We design for trust using the highest standards of ethics and care to foster privacy and maintain the security of personal data. We also strive to continually learn, refine, and iterate to enable meaningful and customized collaborations with our clients.
Security by Design
Inrupt offers enterprise-grade product security, which means you can leverage rigorous control of who can access, change or delete data. Data encryption is offered in transit, at rest and even in process (confidential compute). We combine technology and operational processes to prevent, detect, and respond to security incidents. Prevention is aided by encryption at rest and in transit, as well as regular third-party independent assessments. Detection capabilities and audit logs integrate with SIEM/SOAR systems and 24/7 monitoring by operators of a SOC. All technology suppliers have well-established incident response and vulnerability disclosure processes.
Privacy by Design
Inrupt enables organizations to realize the potential of the Solid specification. Our Pods are designed to be trusted with your most sensitive data and to remove risk from platform operators.
Through use of the Pod model, you can limit personal data access to those who truly need it. Remote key management, PII-free logs, and an infrastructure-as-code design mean that third-party technology providers can provide their services without accessing Pod data.
Pods also enable our clients to easily determine where in the world their user data will be stored. Cloud storage providers can be physically located, and legally incorporated, within a strict geographic zone. The control over where your data lives, and how it is stored, enables easy compliance with data transfer and localization requirements and makes it easier to comply with national data privacy laws.
Inrupt is committed to protecting the privacy of data stored in our products. Any data stored by our products adheres to principles of role-based access control (RBAC) and multi-factor authentication (MFA). Access to infrastructure for the reliability of a service is restricted tightly and monitored using both logical controls and management processes.
Regulations and Compliance
Solid Pods enable organizations to comply effectively and intuitively with the requirements of global privacy laws like the GDPR, CCPA (and CPRA), PIPEDA, and many others. Inrupt configures Solid Pods to extend beyond the specific requirements of these regulations in order to animate the key values at their core: transparency, control and trust. Solid Pods provide a system that is built to enable privacy functionality, that can help organizations both meet and exceed the current legal requirements, and that can scale and adapt as legal requirements continue to evolve.
Example of a Trusted Solid Deployment
Inrupt is not able to technically or contractually access Pod data. The operational processing of data takes place in the territory of an ESS deployment on IaaS under the responsibility of an operator from that region under relevant law.
| General Example of a Trusted Solid Deployment | Solid Implementation | ESS Operations | Pod Management & Governance | Setup and Test | Hosting Locations |
| --- | --- | --- | --- | --- | --- |
| Who might be responsible? | Inrupt ESS | Data Utility Management | Development and Management of Digital Rights | Integrators | IaaS |
Please contact firstname.lastname@example.org with any questions.