Safeguarding your data
Information security is one of the biggest concerns of patent professionals. InQuartik—as a member of the world IP community—prioritizes privacy and security. We have adopted and implemented several measures and processes to protect our clients’ data from invasion of privacy or interruption of service, which means that you can have peace of mind when it comes to security issues.
Confidentiality
InQuartik is an ISO 27001 certified company. We prevent any disclosure of data by setting up strict data access processes, encrypted data transmission using protocols such as TLS 1.2, and encrypted storage.
To prevent disclosure of data, InQuartik has a documented information security policy and several measures that address data leakage from different aspects. The Incident Management Process (IMP) is also documented; we always follow the IMP when resolving a security incident.
- ISO 27001 certified
InQuartik is an ISO 27001 certified company that is dedicated to complying with strict information security frameworks and measures. The scope of the certification includes all InQuartik’s services — Patentcloud’s Quality Insights, Due Diligence, SEP OmniLytics, Patent Search, Design Search, and Patent Vault — as well as internal systems ranging from development, maintenance, and physical security, to the management of application systems, data protection systems, and network communications. Cybersecurity is our top priority — we are committed to protecting against any information disclosure in adherence to international standards. You can download our ISO 27001 certificate here.
- Physical Security
InQuartik hosts patent data via a hybrid cloud infrastructure, which consists of AWS Data Centers in Oregon and Tokyo that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant, as well as Taiwan Mobile Data Centers in Taipei that are Tier III certified in design, facility, and operations. InQuartik has a delegated team that regularly monitors the physical security processes and controls to ensure that access to critical entry points is restricted to authorized personnel only. With electronic access control systems deployed, we maintain and monitor an audit trail of the personnel that had access for at least 180 days.
- Network Security
All Patentcloud network traffic is routed through firewalls, which are configured to deny all traffic except that which is explicitly required for the business function. Our network is supported by accurate and up-to-date diagrams, documented control requirements, and procedures. All external connections to our networks and applications are individually identified, verified, recorded, and approved by the InQuartik security team in accordance with InQuartik’s Information Security Policy and industry best practices.
- People Security
Before commencing employment, InQuartik performs background checks on its personnel. InQuartik has developed a set of security policies covering a range of topics that are shared with all of its employees. The security team provides additional security awareness updates via email, internal blog posts, and presentations during internal events. Upon termination of employment, access to the products and systems is revoked.
Integrity
We promise to protect the data from unauthorized modification. All data and private information are protected by SSL during transmission to ensure integrity.
Dedicated to providing the most accurate patent data to our clients, we are committed to protecting the data from unauthorized modification. Whether the data is in transit or at rest, it is encrypted to ensure confidentiality and integrity.
- Data Transmission
Data transmitted between our server and the client is protected against leakage, providing communications security over the network. By implementing industry-standard HTTPS/TLS 1.2, any data transmitted across a network (such as passwords or credit card information) is encrypted asymmetrically to prevent eavesdropping and tampering by a third party and to ensure data confidentiality and integrity.
- Site-to-Site Communication
Direct access between public networks (e.g., the internet) and internal InQuartik networks is restricted. Any unauthorized connection to InQuartik’s system, traffic, or database, both inbound and outbound, will not be allowed, thus ensuring our data is kept safe. The connection of a new network to our existing networks at any company location or data center shall go through an approval process by our security team and shall follow the standard for VPN tunnel connections. Remote connections, data access, and system access to our corporate network are made via VPNs and MPLS connections through managed gateways.
- Data at Rest
Sensitive data stored in InQuartik’s services or systems is encrypted at rest in AWS using full disk, industry-standard AES-256 key encryption.
Reliability & Availability
Ensuring reliable and timely access to data is important to us. Our products are designed to reach high performance and sustainable availability by leveraging one-of-a-kind cloud service providers such as AWS.
Important patent work cannot be interrupted for even a single second—that’s why we are committed to delivering products, applications, and networks that are stable and reliable at scale.
- System Monitoring
InQuartik has deployed an intrusion detection tool into its systems to identify suspected or actual attacks and will respond following industry best practices. An anti-data-leakage tool is also deployed, in accordance with industry best practices, to detect any unauthorized internal and external transfer of confidential information.
- Data Backup & Recovery
InQuartik leverages AWS for a fully redundant, distributed, and automated environment. Customer data is also backed up by the redundant mechanism of AWS, and the restore procedures are periodically tested to verify that the data which is backed up is usable.
- System Development
Development activities are carried out following a documented secure system development methodology. System development activities are performed in specialized development environments that are isolated from the live/production environments and protected against disruption and disclosure of information. All elements of InQuartik’s systems are tested at all stages of the Secure Development Lifecycle (SDLC) before moving to the live/production environment. We ensure that live data (including personal/customer data) is not used within the test environments. To ensure the quality of our source code, we use static and dynamic analysis tools to inspect the code for library dependency and security vulnerabilities, and we remediate those vulnerabilities before deploying the code into the production environment.
All changes to any part of InQuartik’s system are tested, reviewed, and applied using a documented change management process. Emergency fixes, security patches, and other relevant security vulnerability updates are implemented when available and approved unless this introduces greater business risk.
Authentication & Authorization
InQuartik uses generally accepted practices to authenticate user identity. Activities and network traffic are logged and centrally stored using industry-standard mechanisms. We also enable users to control access to specific products within their team.
We adopt widely accepted measures to authenticate and authorize users to our services, applications, and platforms using their own ID and password or social media accounts. User identity, access rights, and the privileges necessary to perform a user’s job function are likewise granted in accordance with our guidelines.
- Social Network SSO
Clients can enable native InQuartik sign-up or social media Single sign-on (SSO) for end-user authentication.
- Logged Activities
We preserve complete user log data to trace back any data access activities and user information in order to prevent and detect unauthorized or unlawful access while providing secure access to authorized users and systems. Logged data is centrally stored using industry-standard or vendor-specific collection mechanisms.
- Role-Based Access Control
Access to Patentcloud’s Patent Vault is managed by role-based access control (RBAC) and can be configured to define granular access privileges. InQuartik has various permission levels for users (admin, editor, and viewer) and allows the administrators in a company or organization to customize the accessible folders, folder history, tags, and memos, as well as the editing authority at the functionality level.
Privacy
We acquire, store, and access your personal information and data as little as possible in every aspect. We set high standards to protect your privacy and data—so that you can trust us.
We are committed to meeting the highest standards of personal data privacy and will support your organization in meeting data privacy obligations around the world. Visit our Privacy policy for more information.
- Personal Information
All personal information stored in InQuartik and communication with InQuartik UI and APIs is encrypted via industry-standard HTTPS/TLS 1.2 over public networks. This ensures that all traffic between you and InQuartik is secure during transit. Additionally, for email, our product leverages opportunistic TLS by default. Most of the personal information stored in InQuartik’s server is hashed with SHA-256 to prevent leakage, tampering, or eavesdropping by unauthorized personnel or workers.
- Payment Information
We adopt Stripe and Tap Pay as our online payment systems for US Dollars and New Taiwan Dollars, both complying with 2048-bit SSL encryption in transactions and PCI DSS at Service Provider Level 1. None of your credit card details will be recorded in either of these two online payment systems, thus keeping your important information safe.
- Guidelines for Law Enforcement
InQuartik’s values underpin our approach to responding to law enforcement requests for customer data. To protect clients’ data privacy and rights, we only provide customer information to law enforcement when we reasonably believe there’s a legal requirement to do so and after a comprehensive legal review.
Compliance
We comply with the GDPR policy to ensure that our clients’ data is processed and stored appropriately.
GDPR Compliance
We comply with world-recognized standards to ensure that our clients’ data is processed and stored appropriately. You can visit our GDPR policy for further information.