Internal is on a mission to build a platform for internal tools that scales with your business, its products, and operations — and helps you exceed your obligations for protecting your customers’ personal and private data.
We continue to pursue security certifications that matter to our customers. We completed our SOC 2 Type II certification for security and availability.
Our servers are hosted in Google Cloud Platform, located in US data centers that are SOC 1, SOC 2 and ISO 27001 certified. Read more about Google Cloud Platform security.
We also offer an on-premises hosting option for our customers who prefer to host Internal behind their own VPN, or inside their own Virtual Private Cloud (VPC).
Internal retrieves your data on demand from your own systems, and we do not cache this data. Queries are made directly against your databases, business applications, and/or APIs instead of copying or extracting data into yet another system. Using Internal minimizes the movement of your data, avoids creating multiple sources of truth, and controls access to sensitive information.
We do store metadata from your systems — such as schema information, and the names of primary and foreign keys. This metadata is required to provide Internal’s no-code app builder experience.
It’s important to understand that Internal does store the values that your users input into Internal (such as form field inputs and filter values). These parameter values are required to provide you with a detailed audit log showing who did what and when using your internal tools. While the audit log feature provides a great way to regularly review system activity in accordance with your security and compliance policies, please talk to us if you are interested in turning it off. Alternatively, you can choose our on-premises offering.
Internal uses AES 256 bit encryption to secure all secrets and audit log data. In addition, TLS (SSL) encryption is used for all data in transit. We provide several options for securing connections to your database, including IP allowlisting, TLS/SSL, SSH, and on-premises deployment options. We also conduct regular pen testing with an independent third party auditor.
Internal provides many layers of access controls to protect your data — a flexible and extensible approach for companies with specialized security requirements and/or GDPR, SOC 2 or other legal, regulatory, or privacy considerations.
Authentication: Internal supports two-factor authentication and SSO (Okta Open ID Connect, Google OAuth, generic SAML 2.0).
Granular Permissions: Set fine-grained permissions for every field in your system. These permissions are enforced across the entire Internal platform, including all of your existing internal tools and the new tools your employees will create to help your business grow.