Information Security Policy
Inventoree.io Limited
Effective Date: 27th December 2025
Last Reviewed: 27th December 2025
1. Purpose
Section titled “1. Purpose”The purpose of this Information Security Policy is to define the principles and controls used by Inventoree.io Limited (“the Company”) to protect information assets against unauthorized access, disclosure, alteration, or destruction. This policy demonstrates the Company’s commitment to maintaining the confidentiality, integrity, and availability of data processed through its services.
2. Scope
Section titled “2. Scope”This policy applies to:
- All systems, applications, and infrastructure operated by Inventoree.io Limited
- All data processed, stored, or transmitted by the Company
- The Company’s SaaS platform, integrations, and related services
- The sole developer, contractors (if any), and third-party service providers
3. Information Security Principles
Section titled “3. Information Security Principles”Inventoree.io Limited follows these core security principles:
- Confidentiality: Information is accessible only to authorized parties
- Integrity: Information is accurate, complete, and protected from unauthorized modification
- Availability: Information and systems are accessible when required
Security controls are implemented based on risk and are proportional to the size and nature of the business.
4. Data Protection and Handling
Section titled “4. Data Protection and Handling”4.1 Data Classification
Section titled “4.1 Data Classification”Data handled by the Company may include:
- User account information (e.g., email addresses, usernames)
- Application data submitted by users
- Limited analytics and usage data
- Integration identifiers (e.g., third-party platform IDs)
Sensitive data is handled with appropriate safeguards.
4.2 Data Protection Measures
Section titled “4.2 Data Protection Measures”The Company implements reasonable technical and organizational measures, including:
- Encryption of data in transit using HTTPS/TLS
- Secure hosting environments provided by reputable cloud service providers
- Separation of production and development environments where applicable
5. Access Control
Section titled “5. Access Control”- Access to systems and data is restricted to authorized personnel only
- Administrative access is limited to the Company’s sole developer
- Strong passwords are required for all systems and services
- Multi-factor authentication (MFA) is enabled where supported
- Access rights are reviewed periodically and removed when no longer required
6. System and Network Security
Section titled “6. System and Network Security”The Company takes steps to secure systems and networks, including:
- Use of secure, up-to-date software and frameworks
- Regular application of security patches and updates
- Use of firewalls and access restrictions provided by hosting providers
- Logging and monitoring of system activity where available
7. Incident Management
Section titled “7. Incident Management”7.1 Security Incident Response
Section titled “7.1 Security Incident Response”A security incident is any event that may compromise information security.
In the event of a suspected or confirmed incident:
- The issue is investigated promptly
- Impacted systems may be isolated or secured
- Appropriate remediation steps are taken
- Affected users or partners are notified where legally or contractually required
7.2 Data Breach Notification
Section titled “7.2 Data Breach Notification”Where required under UK data protection law, relevant authorities and affected individuals will be notified without undue delay.
8. Third-Party Services
Section titled “8. Third-Party Services”Inventoree.io Limited may use third-party service providers (e.g., hosting, analytics, authentication services). The Company:
- Selects reputable providers with established security practices
- Limits shared data to what is necessary for service operation
- Relies on contractual and technical safeguards where available
9. Legal and Regulatory Compliance
Section titled “9. Legal and Regulatory Compliance”The Company aims to comply with applicable UK data protection and information security laws, including:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
This policy supports the Company’s Privacy Policy and other compliance obligations.
10. Policy Review and Updates
Section titled “10. Policy Review and Updates”This Information Security Policy is reviewed periodically and updated as necessary to reflect:
- Changes in business operations
- Changes in technology
- Changes in legal or regulatory requirements
11. Contact Information
Section titled “11. Contact Information”Questions regarding this policy or information security practices may be directed to:
Inventoree.io Limited
Email: support@inventoree.io Website: https://inventoree.io