Security & Data Protection

Your information is secure with Index.

Index Logo

The security of your data is our #1 priority.

Security, reliability, privacy, and compliance are at the heart of everything we do at Index. Safeguarding your information isn't just a part of our daily routine; every facet of our engineering and operations have been vetted to ensure the protection of your data.

Index utilizes industry-standard cloud infrastructure vendors to provide the Index service, along with implementing our own additional processes and controls. Our posture is informed by industry experts, and we also bring deep expertise in operating secure software from our time at some of the world's best and most advanced software companies.

Backups occur on a daily basis to a separate region, are persisted, and regularly tested for recovery. All data is encrypted with industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS). We also conduct static code analysis, third-party vulnerability scanning and audits, and implement many other industry-standard Cloud security techniques.

Explore our Security & Data Protection Center, where you'll find detailed information on our controls along with supporting documentation. If you have any questions, please don't hesitate to contact us at

Significant investment in our security roadmap

In addition to the robust controls already in place, we have an extensive security and privacy roadmap that we're actively pursuing, with features that will be offered to all new and existing customers:

  • SOC 2 Type I: In progress
  • Audit logs: Upcoming
  • Data residency: Upcoming

Further, our commitment to security is never static. We continuously adapt and evolve our methods to remain ahead of the curve, embracing new technologies and strategies as they emerge. With every step we take, our focus remains on providing a secure, dependable, and private environment for you to rely on. Feel comforted, knowing that we take every measure possible to maximize security and maintain data integrity. Your trust is our priority, and our actions echo this commitment.

Frequently asked questions

What data does Index store?

When provisioning a user account, we store your full name, email address, and (optionally) a profile photo.

While using Index, users can import and directly enter text data. To best understand the data that your organization expects to store in Index, we recommend talking to the individuals who will be entering data into our system. Most individuals will use Index to store work planning data such as information about projects, goals, objectives, and teams.

Where does Index store data?

We store data in Amazon Web Services (AWS) data centers in the United States. Your data will be stored in us-west-2 (Oregon) with database replication to us-west-1 (N. California) for backups.

Is Index SOC 2 compliant?

We're actively pursuing SOC 2 Type I certification with the vast majority of necessary controls already in place. We expect to complete our audit and receive certification by the middle of this year (2024).

Do you fill out security assessments?

Yes. We are happy to fill out security assessments on request – please contact us.

Is your data encrypted?

Yes, Index provides industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).

Do you provide SAML, Single Sign-On (SSO), or advanced authentication controls?

Yes. We provide SSO on our Enterprise plan, compatible with most IdPs with support for both SAML and OIDC protocols. Please contact us with your specific requirements for more information.

Do you have a list of subprocessors?

Yes, an updated list of data subprocessors is available by request. Contact us at and we'll be happy to help.

How can I report security issues and vulnerabilities?

Index takes security issues and vulnerabilities very seriously. If you believe you have found a security issue, please contact us at and we'll review it as soon as possible.

Does Index have a bug bounty / responsible disclosure program?

Yes. Index has a private Bug Bounty program that rewards researchers for finding and reporting security vulnerabilities. For more information, or to report a vulnerability, please visit our Responsible Disclosure page or reach out to us at

How can I access, transfer, or delete my data?

Contact us at and we'll be happy to help.