Sign In
Contact Us

Security, Privacy & Reliability with IntegrateHQ

IntegrateHQ is trusted to securely process and synchronize the data of companies around the world - read about how we handle that data. 

Data Privacy & GDPR

We are committed to protecting your Personal Data and respecting your privacy. The IntegrateHQ Privacy Policy details how we gather, use, disclose, and manage Personal Data. If you're visiting us from the EU or Switzerland: we adhere to the Privacy Shield Principles.

Platform Security & Reliability


We use a reputable SOC 2 certified data center to host the services we provide.

Our hosting provider is Amazon Web Services (AWS) in the USA. We make full use of the best practice security and availability capabilities offered by AWS including Virtual Private Cloud (VPC) technology for network isolation and multi-availability zones for reliability. Read about AWS cloud security ( and SOC compliance (


We take the security of our internal and external networks very seriously. Communication between our servers and your business applications / web browser is encrypted.

Within our VPC network we employ public and private subnets. All application servers reside in private subnets and so have no public IP addresses; external communication is routed via NAT Gateways. Network security is multi-tiered including strict Network Access Control List rules, role based Network Security Groups, host IP Table restrictions and user based authorization. All user user interaction with IntegrateHQ services is encrypted over HTTPS/TLS. Access to the production VPC is restricted - only select team members responsible for maintaining operational stability of the application are able to connect to resources within the VPC.


Stored customer data is encrypted.

IntegrateHQ stores account information, user information and integration/connection configuration. If an integration is configured to do so, IntegrateHQ may also store integration related data. In all cases customer data is encrypted when stored ("encryption at rest").

  • We do not store account payment (credit card) details, our 3rd party payment processor holds that information
  • We store logs and database backups for up to 1 month
  • We store details of deleted accounts/users for up to 2 months
Integration Execution

Integration processes execute in isolated, account unique, temporary run-time environments.

IntegrateHQ follows the serverless paradigm. Before each integration process executes a new, strongly isolated, integration execution run-time is provisioned 1. The integration runs to completion in this environment after which the environment, along with temporary artifacts created during the run, is destroyed.
1 When launching an integration in an "event triggered" fashion, if multiple event occur in rapid succession, the same run-time environment may be re-used to process each event sequentially. This re-use only happens for the same account running the same integration so there is zero risk of "cross account" data leaks.
Account Access

Users must be explicitly authorized access an IntegrateHQ account.

Each IntegrateHQ user requires their own log in credentials, and IntegrateHQ account administrators can authorize users to access that IntegrateHQ account. Our customer support team may only access your account if you explicitly authorize access from your "Profile and Preferences" page.

Our Sub-processors

We have GDPR compliant data protection agreements in place with our sub-processors.

You can view our current list of sub-processors here.

Data Processing Agreement (DPA)

Highway Signpost with Data Transfer wording on Sky Background.

Drop us a line if you require a General Data Protection Regulation (GDPR) compliant DPA with us

Contact us