Privacy and GDPR

Highest level of GDPR with secure European servers, and much more. Find answers to our most common questions about data processing and security below. If you have any additional questions, reach out on legal@lifeinside.io.

Protection, IT security and GDPR

What is GDPR and does Life Inside comply with it?

We want you to feel confident in your data's security and privacy. That's why we're here to explain GDPR, which stands for the General Data Protection Regulation. This important law safeguards the privacy of individuals in the European Union (EU) and European Economic Area (EEA).

We’re proud to be 100% GDPR compliant. While GDPR primarily focuses on the EU and EEA, our commitment to data protection knows no boundaries. We apply the same high standards of privacy and security to all users, regardless of where they are located. Your data's safety is our top priority, and we maintain stringent privacy practice.

Does Life Inside transfer data to any third countries?

We don’t transfer data to third countries because we want to ensure that your data is protected and secure. The sub-contractors we use to performe our service also store all data within the EU. For a list of specific subcontracts please contact legal@lifeinside.io.

Does Life Inside have enterprise agreements with all its sub-processors?

Yes, we have enterprise agreements in place with all our sub-processors.

How does Life Inside handle Data Processing Agreements (DPAs)?

We establish Data Processing Agreements with our customers and require sub-processors to adhere to the same standards, ensuring responsible data handling and protection.

How does Life Inside monitor GDPR compliance?

We proactively monitor and review our GDPR compliance, conducting internal audits and ensuring our data protection practices are continuously up-to-date.

What is Life Inside's approach to continuous improvement in cybersecurity?

We are dedicated to an ongoing process of enhancing our cybersecurity measures to ensure the highest level of protection for our clients' data. Our approach involves:

Regular Reviews and Updates:
- We routinely assess our cybersecurity policies and procedures to identify opportunities for improvement.
- Following these assessments, we update our practices to address any vulnerabilities and to incorporate new security protocols as they emerge.

Proactive Threat Detection:
- Our security team is vigilant in monitoring for emerging threats and employs the latest intelligence to preemptively adjust our defenses.

Technology and Training Investments:
- We continuously invest in advanced security technologies and in-depth training for our team to ensure they are equipped to recognize and respond to cybersecurity challenges.

Policy Development:
- Our internal policies are regularly revisited and revised to reflect the latest in cybersecurity advancements and to integrate lessons learned from ongoing operations.

We are unwavering in our commitment to not just maintaining but actively improving our cybersecurity framework. We understand the importance of adapting to the constantly changing security landscape to safeguard personal data effectively.

Does Life Inside have an Information Security Management System (ISIMS) and can you detail the scope?

Our ISMS documents the entirety of our cloud service operations, ensuring clarity and precision. It covers all necessary operational units, locations, personnel, and processes associated with delivering our cloud service, facilitating a systematic approach to information security.

How does Life Inside ensure the processing of personal data is both necessary and proportionate?

Our data processing aligns with the main contract's objectives, primarily facilitating video content for external communication on our clients' websites. We process only the data necessary for these purposes, such as names, job titles, emails, phone numbers, and videos.

Collection, processing, and user rights

What personal data does Life Inside collect and for what purposes?

We collect personal data such as names, job titles, email addresses, phone numbers, and video content solely for fulfilling our service agreements and enabling communication on client websites.

What is the purpose of processing the data?

We only process personal data for the purpose of providing our customers with the best possible service. This for example includes using personal data to send out video requests and collect video content for external communication on your website.

Who will have access to the data?

Only your company’s Life Inside admins and authorized personnel at Life Inside will have access to the data. This includes employees who need access to the data to perform their job duties. We have a strict access control system in place to ensure that only authorized personnel can access the data.

How long is the term of the agreement/processing?

The agreement remains in effect for as long as you wish to use our service. Should you decide to remove any videos from your platform, all associated personal information will be automatically deleted and purged.

Similarly, if at any point you choose not to continue using the Life Inside service, all videos and their connected personal information will be automatically purged.

What are the rights of the employees and/or customers in relation to their data?

You as a customer own your data. All personal data is deleted in a timely manner once it is no longer necessary for the purposes for which it was collected or processed, or as required by law. Data subjects have the right to request the deletion of their personal data, and we comply with such requests in accordance with relevant data protection laws and regulations.

In addition, at the customer's request, Life Inside will delete or enable the customer to delete personal data on her own. If a service agreement ends, Life Inside will either delete or return all personal data and any copies (depending on customer preferences) in a manner that is consistent with privacy policies and relevant data protection laws and regulations.

How can data subjects exercise their rights at Life Inside?

Data subjects can contact our customer service department at support@lifeinside.io to access, rectify, erase, or transfer their personal data.

Is there a consent process when video testimonials are being submitted?

We have a consent process in place when video testimonials are submitted. This allows users to specify their preferences during the submission process, ensuring transparency and compliance. Admins can effortlessly track and manage these consents, ensuring compliance and user control.

Is our data shared with anyone else?

We respect your privacy and only share your data with third-party service providers when it's necessary to provide you with our services. These providers are carefully selected and bound by strict data protection agreements to ensure the confidentiality and integrity of your data. Your personal data is not sold, traded, or shared with any other third parties without your explicit consent.

Technical measures and data security

What technical and organizational measures does Life Inside implement for data protection?

We are dedicated to protecting data integrity and confidentiality using robust encryption standards. For data at rest, we use Advanced Encryption Standard (AES) mechanisms, while in transit, we ensure protection through Transport Layer Security (TLS) 1.2 protocols. Our comprehensive cybersecurity strategy includes deploying AWS WAF, AWS Shield Standard, and Amazon GuardDuty to safeguard against a wide array of cyber threats.
Organizationally, we maintain a rigorous schedule of data protection impact assessments to preemptively address any security concerns. Our staff is continually educated on GDPR compliance and data protection best practices, ensuring that everyone understands their role in maintaining our high security standards.

Additionally, we have established policies for the usage of cryptographic measures during data transmission and remote access to our production environment, bolstering our defense against unauthorized access. We recognize the importance of safeguarding client data during storage and have implemented stringent technical safeguards to this effect.
We commit to keeping our clients informed with regular updates regarding any changes that might affect the confidentiality of their data. While our key management processes are robust, we are actively working to enhance our procedures related to the use of private and secret keys, recognizing the importance of constant improvement in our security practices.

What are Life Inside's Information Security Policies?

We have established an information security policy that sets security objectives aligned with our business goals. Approved by top management, this policy is accessible to our personnel and underpins our commitment to securing our operations and data.

How comprehensive is Life Inside's risk management policy?

Our risk management policy is robust, involving meticulous identification, analysis, and prioritization of risks. We implement a detailed risk treatment plan to mitigate risks to acceptable levels, which is regularly reviewed and updated.

What security standards are set for sub-processors?

Our Supplier Relationship Policy mandates high security standards for Sub-processors, including due diligence and security requirements in service agreements.

How does Life Inside approach data retention and deletion?

Personal data is retained only for the necessary duration and securely deleted according to our data retention policy. Upon termination of services, all personal data is purged following our strict guidelines.

What additional IT security measures does Life Inside have in place?

We have implemented comprehensive security measures such as firewalls, encryption, secure login processes, and rigorous access controls to protect against unauthorized access and data breaches.

Operational security and risk management

How does Life Inside manage IT risks?

We have a comprehensive risk management framework that identifies, analyzes, and mitigates IT risks, focusing on information security risks associated with our cloud services.

What measures do Life Inside take to ensure human resource security?

All personnel adhere to strict information security policies, which are part of their terms of employment. This includes comprehensive non-disclosure agreements with employees, service providers, and suppliers. We also provide bespoke security awareness and training programs to our staff, with rigorous reviews to maintain currency with the evolving threat landscape.

How is asset management handled?

We prioritize secure asset management by maintaining a comprehensive inventory of assets integral to our cloud service. This includes strict policies against the use of removable media and detailed procedures for commissioning and decommissioning hardware.

What physical security measures are in place?

Our physical security is designed to support our cloud-centric operations. We ensure the safety of our equipment and data with secure office access controls. These measures include access authentication required to enter our office premises. This approach is in line with our commitment to maintaining a secure and controlled environment for our team and our clients' data.

Can you elaborate on your operational security measures?

Our operational security includes capacity management and protective measures against malware threats. We employ Amazon GuardDuty and maintain up-to-date anti-malware solutions to safeguard our systems.

How does Life Inside approach data backup and recovery?

We have implemented policies to ensure the integrity and security of non-sensitive data. Our backup and recovery measures are thoroughly documented and executed, with regular testing to verify efficiency.

Could you explain Life Inside's logging and monitoring processes?

We maintain comprehensive policies for logging and monitoring system events, ensuring the security of cloud service derived data. This includes strict management of data access, storage, and deletion protocols.

How does Life Inside manage vulnerabilities, malfunctions, and errors?

We have instituted meticulous policies to identify and address vulnerabilities within our system components. Our approach involves systematic detection, rigorous assessment, and timely mitigation.

Can you describe Life Inside incident response plan for data breaches?

Our incident response plan ensures prompt and effective action, including immediate classification, assessment, containment strategies, and communication in compliance with GDPR Articles 33 and 34.

Identity, access and communication security

How is identity, authentication, and access control managed?

Our access control policies are based on industry standards, incorporating "least privilege" and "need-to-know" principles. We utilize role-based access controls to ensure a thorough division of responsibilities.

What cryptography and key management practices does Life Inside follow?

We adhere to industry standards for cryptography, employing robust cryptographic tools for data transfers and extending protection to data at rest. Our communication channels remain open to inform clients of any shifts that might impact data confidentiality.

Could you detail Life Inside's communication security practices?

Our technical guards, including AWS WAF and AWS Shield Standard, play a crucial role in securing our communication channels. We ensure data transmission integrity and confidentiality using top-tier encryption tools like TLS 1.2.

How does Life Inside ensure the portability and interoperability of data?

We are committed to meticulous data management standards, which include robust procedures to ensure data sanctity even during deletion. We conduct a meticulous purge when a cloud service contract concludes, abiding by our stringent data retention guidelines.

What is Life Inside's approach to change and configuration management?

We maintain structured change management policies, which include version control procedures to monitor and track individual modifications and restore system components to their prior state when necessary.

How does incident management work?

We have well-defined policies and procedures for a swift and effective response to any security incidents. Our structured approach includes incident classification, escalation pathways, and specific triggers that activate our business continuity mechanisms.

How does the login process work for admins?

We've made the login process secure and straightforward for your company administrators. We use Auth0, a trusted authentication and authorization platform known for its reliability and security. This ensures that admins can access their platform seamlessly while knowing that their login is protected by industry-leading security measures.

How will the data be protected?

We use a variety of security measures to protect your data, including:

Encryption: We encrypt all data in transit and at rest using TLS 1.2 (Transport Layer Security) encryption algorithms. This means that your data is scrambled so that it cannot be read by unauthorized individuals.
Access controls: We only give access to your data to authorized personnel who need it to perform their job duties. We regularly review our access logs to make sure that only authorized personnel are accessing the data.
Firewalls: Our cloud-based services use firewalls to prevent unauthorized access to our servers.
Regular security audits: Regular audits and reviews of our security practices to ensure compliance with relevant data protection laws and regulations.
We regularly review our security practices to ensure that they are compliant with the latest data protection laws and regulations.

Cookies and tracking

Does Life Inside drop any cookies on your website visitors?

We don’t use cookies for tracking on your website. Instead, we utilize ID sessions and local storage with non-personal information solely to remember visitor preferences related to our video widget.

Wow, that was a lot – start creating videos instead

Join the interactive video revolution. Add authentic and interactive (and GDPR-compliant!) video testimonials anywhere on your website or career site.

Start free trial

Or contact us for more information.