Security & Trust

Built with Security at Every Layer

Incentrix is designed for financial-grade environments. We protect your compensation data, your partners' payouts, and your organisation's trust through rigorous controls, certifications, and continuous monitoring.

Talk to Our Security TeamRequest Security Report

Core Security Pillars

Six foundational controls that protect your data end-to-end.

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are managed through a dedicated key management service with automatic rotation.

Access Control

Role-based access control (RBAC) ensures every user only sees and acts on data they are authorized for. Admin privileges follow the principle of least privilege.

Audit Trails

Every action — from plan edits to payout approvals — is recorded with a timestamp, user identity, and IP address. Logs are immutable and tamper-proof.

Infrastructure Security

Hosted on ISO 27001-certified cloud infrastructure with redundant data centers, automated failover, and 99.9% uptime SLA.

Authentication

Multi-factor authentication (MFA) is enforced for all accounts. Single Sign-On (SSO) support via SAML 2.0 and OAuth 2.0 for enterprise customers.

Backup & Recovery

Automated daily backups with point-in-time recovery. Recovery time objective (RTO) under 1 hour. Recovery point objective (RPO) under 15 minutes.

Compliance

Recognised Certifications & Standards

Incentrix undergoes independent audits and maintains certifications that validate the security, availability, and integrity of our platform. Enterprise customers receive full documentation on request.

Request Compliance Documentation
SOC 2 Type II

Independently audited security controls for availability, confidentiality, and processing integrity.

ISO 27001

International standard for information security management systems.

GDPR Compliant

Full compliance with EU General Data Protection Regulation for handling personal data.

RBI Guidelines

Adherent to Reserve Bank of India's data localisation and IT security framework for financial entities.

Ongoing Security Practices

Security is not a one-time checkbox. We operate continuously to stay ahead of threats.

Vulnerability Management

Continuous automated scanning for known CVEs across our codebase and dependencies. Critical vulnerabilities are patched within 24 hours of disclosure.

Penetration Testing

Annual third-party penetration tests conducted by certified ethical hackers. Results and remediation plans are available to enterprise customers on request.

Data Residency

Customer data is stored in India-based data centers by default, with options for regional data residency to meet local compliance requirements.

Network Security

Web Application Firewall (WAF), DDoS protection, and private VPC networking isolate customer environments. All traffic is monitored 24/7.

Vendor Risk Management

All third-party vendors and sub-processors undergo a rigorous security review before onboarding and annual reassessments thereafter.

Incident Response

A documented incident response plan with defined escalation paths. Customers are notified within 72 hours of any confirmed breach affecting their data.

Shared Responsibility Model

We secure the platform. You control access to your data.

Incentrix is responsible for

  • Physical and cloud infrastructure security
  • Platform-level encryption and key management
  • Application security and patching
  • SOC 2 and ISO 27001 compliance
  • DDoS protection and network monitoring
  • Business continuity and disaster recovery

You are responsible for

  • Managing user accounts and permissions
  • Enforcing MFA for your organisation's users
  • Keeping login credentials confidential
  • Reviewing access logs for suspicious activity
  • Reporting suspected incidents promptly
  • Training your team on security best practices

Responsible Disclosure

We welcome reports from the security research community. If you discover a potential vulnerability in Incentrix, please contact our security team directly. We commit to acknowledging receipt within 24 hours and providing a resolution timeline within 5 business days.

Report vulnerabilities to

security@loankone.com

Please include a detailed description, steps to reproduce, and potential impact. We do not take legal action against researchers who follow responsible disclosure guidelines.

Security Questions? We Are Here.

Our security and compliance team is available to answer questions, share audit reports, and walk you through our controls during your evaluation.

Contact Security TeamView All Features