We only process and store the information required for you to sign up to IRIS and process payments. Payments themselves are handled by Stripe, unless you’re on an Enterprise plan paying via invoices. (See “Can I pay by debit/credit card?”)
The files you upload are processed then stored on secure Google Cloud servers. They are there indefinitely until you decide to delete them — this is entirely controlled by you, the user. (See “How do you store my data? How long are my files stored for? And what happens after they are deleted?”)
Furthermore, IRIS has been audited and certified by several security checks:
- We’ve been certified by the government-backed Cyber Essentials to protect against cyber attacks;
- IRIS Clarity Studio has been pen tested by a CREST-approved third party to ensure it is built with the toughest security principles and controls;
- Our SIG audit enables us to leverage an industry-standard library of vetted questions that measure risk across 18 domains. Mapping each question to multiple controls and regulatory requirements enables us to simplify and standardise our information technology, resiliency, cyber security, data security and privacy;
- Our card payments are PCI Data Security Standards-compliant, ensuring that accepting, processing, storing or transmitting of credit card information is maintained in a secure environment.