// Trust & Security Report
Insider One (Sosyo Plus Bilgi Bilişim - Turkey; Insider Benelux B.V. - EU/EEA; regional entities globally)
Insider One: AI-powered customer engagement platform with unified CDP, personalization engine, journey orchestration, behavioral analytics, and multi-channel activation (SMS, Email, WhatsApp, Web, App, Push, Search).
Certifications held
6
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on insiderone.com“Insider has successfully completed the SOC 2 Type 2 examination covering the Insider One Growth Management Platform for the period April 2023 through March 2024, assessing Security, Availability, and Confidentiality.”
Verify on insiderone.com“ISO 27001:2022 Information Security Management System Certificate confirms adherence to globally recognized best practices for protecting confidentiality, integrity, and availability of information.”
Verify on insiderone.com“Insider One is 100% GDPR compliant with data privacy and security at the core of the technology and culture. ePrivacy Seal continuously held since 2020, validated every three years.”
Verify on academy.insiderone.com“Insider has continuously held the ePrivacy Seal since 2020 as validation of GDPR and ePrivacy Directive compliance through comprehensive assessment of data processing and organizational safeguards.”
Verify on academy.insiderone.com“Insider One provides Business Associate Agreements upon request, with administrative, physical, and technical safeguards including AWS encryption and employee training protocols.”
Verify on academy.insiderone.com“Insider One holds certifications including ISO 27001, CSA STAR Registry, SOC 2 Type 2, and the e-Privacy seal.”
> Show 1 unconfirmed / not-held certifications
source: insiderone.comNo public evidence of PCI DSS certification found on vendor domain despite handling customer payment and ecommerce data.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
EU-West-1 (Ireland) via AWS; regional controllers in Turkey, EU/EEA, and other jurisdictions; customers can select EU data residency.
Insider One explicitly commits in its DPA (dated June 2025) that it shall NOT use Customer Data—including prompts, inputs, AI Outputs, or other Personal Data—for training, fine-tuning, or developing/improving AI or ML models except where expressly agreed. This applies to anonymized, pseudonymized, or aggregated data.
// Security controls
Encryption at Rest
AES256 encryption algorithm in RDS (Relational Database Service); unique personal data encryption keys
insiderone.comAccess Controls
Multi-factor authentication required; role-based access controls with regular audits; IP-based session restrictions; 30-minute inactivity timeout; 1-day maximum session duration; account lockout after failed login attempts
insiderone.comInfrastructure
Hosted on AWS with layered defense (Firewall, VPN, segregation); data segregation across separate cloud services and regions; 24/7 monitoring by Network Operations Center
insiderone.comZero Trust Network Access
Enterprise Risk Management Program; Secure Software Development Life Cycle; Technical Vulnerability Management; Incident Management & Business Continuity/Disaster Recovery; regular penetration testing
academy.insiderone.com// Products & data scope
data: Customer data, behavioral data, transactional data across web, mobile, email, SMS, WhatsApp, and other channels
Unified CDP with 100+ integrations, personalization, journey orchestration, behavioral analytics, and agentic AI. Serves 2,000+ enterprise customers.
data: Customer data processed for autonomous decision-making, segmentation, and predictive modeling
Does NOT train on customer data. Processing through AI systems solely to deliver contractual Services with prior written consent for automated decision-making.
data: 360-degree customer view, unified profiles, segmentation
GDPR-compliant with DPA; EU data residency option available
data: Customer behavior, preferences, transaction history for dynamic content and recommendations
Real-time personalization across web, email, and other channels
data: Customer journey data, engagement events, channel interactions
Omnichannel orchestration across SMS, Email, WhatsApp, Web, App, Push, Search
// What to watch
- SOC 2 scope clarification needed: One detailed page states Type 2 covers only Security, Availability, and Confidentiality (3 of 5 criteria); Trust Center documentation mentions all 5 Trust Service Criteria. Confirm whether Insider has both SOC 2 Type 1 AND Type 2, or if Type 2 actually covers all 5 criteria.
- HIPAA BAA is 'upon request' rather than automatic, suggesting HIPAA is a secondary compliance consideration, not a core offering.
- No PCI DSS certification found despite the platform handling customer payment and ecommerce data. Clarify if PCI DSS compliance is in-scope for Insider One or delegated to integrations.
// At a glance
Pricing model
Not detailed in trust/security pages; subscription-based SaaS with usage-based and tiered offerings
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Insider One (Sosyo Plus Bilgi Bilişim - Turkey; Insider Benelux B.V. - EU/EEA; regional entities globally)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
academy.insiderone.com