Income Lab is SOC 2 compliant. SOC 2 is an auditing procedure that ensures service providers securely manage data to protect the interests of the organization and the privacy of its clients. Income Lab users or those conducting due diligence may request a copy of our SOC 2 (Type II) report by contacting their account manager or [email protected].
Application Security
All user access is password protected. Multiple consecutive incorrect login attempts will trigger the locking of an account and require password reset. This helps protect user accounts from certain hacking attempts. All access to Income Lab application infrastructure is protected with two-factor authentication (2FA).
Income Lab application infrastructure is scanned and monitored regularly by independent security consultants to help ensure security best practices are followed.
Income Lab software is used for creating, monitoring, and managing financial plans. The software cannot be used to effect financial transactions, open or close accounts, or in any way move money into, out of, or between financial accounts. Any account data viewed within Income Lab via data integrations that have been established by application users is read-only. Data integrations do not allow anyone to effect changes to or transactions within financial accounts.
As part of its risk management strategy, Income Lab does not ask for or store certain sensitive personally identifiable information (PII), such as Social Security numbers, full birthdates, account numbers, or addresses.
Income Lab staff does not access or interact with customer data as part of normal operations. There may be cases where Income Lab interacts with customer data at the request of the customer for support purposes or where required by law. Income Lab may also inspect customer data to debug and troubleshoot platform issues.
Income Lab offers organizations and individual users the option to greatly enhance the security of their accounts by requiring multi-factor authentication (MFA) for a successful login. MFA is a core component of a strong security stance and greatly decreases the likelihood of accounts being compromised by malicious actors.
Income Lab utilizes Amazon Web Service (AWS) cloud technology. This means that physical infrastructure is hosted and managed within Amazon's secure data centers. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:
AWS data centers are housed in nondescript facilities and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. AWS facilities enjoy top-tier fire detection and suppression systems, redundant power systems, and climate control.
Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. Authorized staff must pass two-factor authentication (2FA) no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.
We use PCI-compliant payment processor Stripe for encrypting and processing credit card payments. Income Lab's infrastructure provider is PCI Level 1 compliant. Income Lab does not store or keep any credit card information on its servers.
Income Lab takes security very seriously and investigates all reported vulnerabilities. If you would like to report a vulnerability or have a security concern regarding Income Lab services, please email [email protected].
Please provide full details of the suspected vulnerability so the Income Lab security team may validate and reproduce the issue.