// Trust & Security Report

    Insider One (Sosyo Plus Bilgi Bilişim - Turkey; Insider Benelux B.V. - EU/EEA; regional entities globally) logo

    Insider One (Sosyo Plus Bilgi Bilişim - Turkey; Insider Benelux B.V. - EU/EEA; regional entities globally)

    Insider One: AI-powered customer engagement platform with unified CDP, personalization engine, journey orchestration, behavioral analytics, and multi-channel activation (SMS, Email, WhatsApp, Web, App, Push, Search).

    Certifications held

    6

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    Insider has successfully completed the SOC 2 Type 2 examination covering the Insider One Growth Management Platform for the period April 2023 through March 2024, assessing Security, Availability, and Confidentiality.

    Verify on insiderone.com
    ISO/IEC 27001:2022
    HELD

    ISO 27001:2022 Information Security Management System Certificate confirms adherence to globally recognized best practices for protecting confidentiality, integrity, and availability of information.

    Verify on insiderone.com
    GDPR Compliance
    HELD

    Insider One is 100% GDPR compliant with data privacy and security at the core of the technology and culture. ePrivacy Seal continuously held since 2020, validated every three years.

    Verify on insiderone.com
    ePrivacy Seal
    HELD

    Insider has continuously held the ePrivacy Seal since 2020 as validation of GDPR and ePrivacy Directive compliance through comprehensive assessment of data processing and organizational safeguards.

    Verify on academy.insiderone.com
    HIPAA
    HELD

    Insider One provides Business Associate Agreements upon request, with administrative, physical, and technical safeguards including AWS encryption and employee training protocols.

    Verify on academy.insiderone.com
    CSA STAR Registry
    HELD

    Insider One holds certifications including ISO 27001, CSA STAR Registry, SOC 2 Type 2, and the e-Privacy seal.

    Verify on academy.insiderone.com
    > Show 1 unconfirmed / not-held certifications
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification found on vendor domain despite handling customer payment and ecommerce data.

    source: insiderone.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    EU-West-1 (Ireland) via AWS; regional controllers in Turkey, EU/EEA, and other jurisdictions; customers can select EU data residency.

    Insider One explicitly commits in its DPA (dated June 2025) that it shall NOT use Customer Data—including prompts, inputs, AI Outputs, or other Personal Data—for training, fine-tuning, or developing/improving AI or ML models except where expressly agreed. This applies to anonymized, pseudonymized, or aggregated data.

    // Security controls

    Encryption in Transit

    SSL/TLS 1.3 protocols

    insiderone.com

    Encryption at Rest

    AES256 encryption algorithm in RDS (Relational Database Service); unique personal data encryption keys

    insiderone.com

    Access Controls

    Multi-factor authentication required; role-based access controls with regular audits; IP-based session restrictions; 30-minute inactivity timeout; 1-day maximum session duration; account lockout after failed login attempts

    insiderone.com

    Infrastructure

    Hosted on AWS with layered defense (Firewall, VPN, segregation); data segregation across separate cloud services and regions; 24/7 monitoring by Network Operations Center

    insiderone.com

    Zero Trust Network Access

    Enterprise Risk Management Program; Secure Software Development Life Cycle; Technical Vulnerability Management; Incident Management & Business Continuity/Disaster Recovery; regular penetration testing

    academy.insiderone.com

    DDoS Mitigation

    DDoS mitigation included in default security features

    academy.insiderone.com

    // Products & data scope

    Insider One Platform (All-in-One)AI-Powered Customer Engagement Platform

    data: Customer data, behavioral data, transactional data across web, mobile, email, SMS, WhatsApp, and other channels

    Unified CDP with 100+ integrations, personalization, journey orchestration, behavioral analytics, and agentic AI. Serves 2,000+ enterprise customers.

    Insider One AI (Agentic, Generative, Predictive)AI & Machine Learning

    data: Customer data processed for autonomous decision-making, segmentation, and predictive modeling

    Does NOT train on customer data. Processing through AI systems solely to deliver contractual Services with prior written consent for automated decision-making.

    Customer Data Management (CDP)Data Platform

    data: 360-degree customer view, unified profiles, segmentation

    GDPR-compliant with DPA; EU data residency option available

    Personalization EngineMarketing Personalization

    data: Customer behavior, preferences, transaction history for dynamic content and recommendations

    Real-time personalization across web, email, and other channels

    Journey OrchestrationCampaign Management

    data: Customer journey data, engagement events, channel interactions

    Omnichannel orchestration across SMS, Email, WhatsApp, Web, App, Push, Search

    // What to watch

    • SOC 2 scope clarification needed: One detailed page states Type 2 covers only Security, Availability, and Confidentiality (3 of 5 criteria); Trust Center documentation mentions all 5 Trust Service Criteria. Confirm whether Insider has both SOC 2 Type 1 AND Type 2, or if Type 2 actually covers all 5 criteria.
    • HIPAA BAA is 'upon request' rather than automatic, suggesting HIPAA is a secondary compliance consideration, not a core offering.
    • No PCI DSS certification found despite the platform handling customer payment and ecommerce data. Clarify if PCI DSS compliance is in-scope for Insider One or delegated to integrations.

    // At a glance

    Pricing model

    Not detailed in trust/security pages; subscription-based SaaS with usage-based and tiered offerings

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Insider One (Sosyo Plus Bilgi Bilişim - Turkey; Insider Benelux B.V. - EU/EEA; regional entities globally)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    academy.insiderone.com

    > Browse all vendor trust reports