Frequently Asked Questions

What data does Index store?

When provisioning a user account, we store your full name, email address, and (optionally) a profile photo.

While using Index, users can import and directly enter text data. To best understand the data that your organization expects to store in Index, we recommend talking to the individuals who will be entering data into our system. Most individuals will use Index to store work planning data such as information about projects, goals, objectives, and teams.

Where does Index store data?

We store data in Amazon Web Services (AWS) data centers in the United States. Your data will be stored in us-west-2 (Oregon) with database replication to us-west-1 (N. California) for backups.

Is Index SOC 2 compliant?

We're actively pursuing SOC 2 Type I certification with the vast majority of necessary controls already in place. We expect to complete our audit and receive certification by the middle of this year (2024).

Do you fill out security assessments?

Yes. We are happy to fill out security assessments on request – please contact us.

Is external penetration testing performed, and has the platform been reviewed by an independent third-party?

Yes to both. Our external penetration tests are performed at least annually, with the most recent test and comprehensive review completed on the 7th of May 2024. All findings were remediated.

Is your data encrypted?

Yes, Index provides industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).

Do you provide SAML, Single Sign-On (SSO), or advanced authentication controls?

Yes. We provide SSO on our Enterprise plan, compatible with most IdPs with support for both SAML and OIDC protocols. Please contact us with your specific requirements for more information.

Do you have a list of subprocessors?

Yes, an updated list of data subprocessors is available by request. Contact us at and we'll be happy to help.

How can I report security issues and vulnerabilities?

Index takes security issues and vulnerabilities very seriously. If you believe you have found a security issue, please contact us at and we'll review it as soon as possible.

Does Index have a bug bounty / responsible disclosure program?

Yes. Index has a private Bug Bounty program that rewards researchers for finding and reporting security vulnerabilities. For more information, or to report a vulnerability, please visit our Responsible Disclosure page or reach out to us at happy to help you access, transfer, or delete your data promptly.

How can I access, transfer, or delete my data?

Contact us at and we'll be happy to help you access, transfer, or delete your data promptly.