Access control and organizational security

Personnel

All of our employees and contractors sign confidentiality agreements before gaining access to our systems, software, data, and code. Each person at FirstIgnite is trained and made aware of security concerns around access and best practices for our systems.

Regular reviews and testing

Our software infrastructure is updated regularly with the latest security patches. We employ manual and automated testing throughout our development pipeline to be cognizant of potential vulnerabilities before any updates are deployed to production.

Team responsibilities

Our backend engineering team is responsible for security, infrastructure, and performance and is in charge of access/identity management, and log file management. Their responsibilities include:

• Reviewing all changes to the code and infrastructure to ensure they follow best practices and security guidelines (such as OWASP)
• Building and operating FirstIgnite’s infrastructure, including logs, monitoring, and authentication
• Reviewing, testing, and designing incident response processes
• Responding to alerts triggered by any security events
• Monitoring and alerting on anomalous activity
• Coordinating vulnerability testing with external security researchers

Incident management and disaster recovery

Redundancy

Our entire infrastructure is hosted in the cloud, and all user data is redundant. Files uploaded by our customers are stored on servers that utilize cutting-edge technology to eliminate bottlenecks and points of failure.

Backups

We perform multiple backups per week of all databases and files. Our backups are encrypted and stored safely by our cloud provider. We have procedures for responding to incidents managed by our engineering team. In the event of an incident, we contact impacted account owners and work with them closely until the issue is resolved.

Hosting Architecture

FirstIgnite is hosted on Google Cloud Platform (“GCP”) in the United States of America and protected by the robust security measures provided by Google. The production environment within GCP, where the FirstIgnite Services and Customer Data are hosted, is logically isolated in a Virtual Private Cloud (VPC). Customer Data stored within GCP is encrypted at all times. Google does not have access to unencrypted Customer Data. More information about GCP security is available at https://cloud.google.com/security/ and https://cloud.google.com/terms/data-processing-terms. For GCP Compliance documentation, please see https://cloud.google.com/security/compliance/.

Training Data

At FirstIgnite, we place the highest importance on the respect for and protection of your privacy and confidentiality. Our AI/LLM platforms do not use information provided by you (the user) within the FirstIgnite platform for training purposes. The user input and data shared with us are used solely for the intended function of delivering our services to you as the user.

We also want to reassure you that user inputs and related data are not disclosed, sold, or shared publicly or with any third parties unless we have obtained explicit permission from you. This means your research, project engagement data, business contacts, internal communications, and other sensitive information remain strictly confidential.

Should we change any aspect of this policy in the future, we will seek and obtain your consent prior to that change in use.

Third Parties

We partner with trusted service providers to operate our platform and provide functionality like calendar integration, video meetings, and other communications.

Nylas

We use Nylas to allow users to connect their calendars with FirstIgnite to streamline meeting scheduling. Nylas is a Google and Microsoft verified partner and is certified in the latest security standards including SOC 2 and GDPR. You can access their security overview here.

Zoom

We partnered with Zoom, allowing for video and dial-in meetings to take place on the platform. Zoom is trusted by over 300 million users every day, and is globally certified in SOC 2, CSA STAR Level 2, ISO 27001, and others. You can view their security overview here.

Stripe

We integrate with Stripe to support payments and payouts on the platform. FirstIgnite does not store any sensitive payment data. Stripe is a PCI Level 1 Service Provider which is the most stringent level of certification available in the payments industry. Their security docs are available here.

Plaid

We use Plaid in conjunction with Stripe so that users can easily and securely link their bank accounts to be used for payments and payouts. Plaid is certified in both ISO 27001, and ISO 27701, and is SOC 2 compliant. You can find more details here.

Encryption In Transit and At Rest

Encryption in transit

All internet traffic between our servers and your device is encrypted with SSL/TLS using the latest encryption protocols. We require HTTPS on all requests, use HTTP Strict Transport Security, authenticated origin pulls, and perform browser integrity checks to prevent MITM attacks and cookie hijacking.

Encryption at rest

We employ military-grade encryption (AES-256) and tamper-proofing mechanisms on sensitive user data, including chat messages and files that are shared on the platform, to protect data integrity in the event of a breach. Non-sensitive information is not encrypted when stored but is saved to a database on an encrypted instance.

​Have a concern? Want to learn more?

​​Please send us a note here. We’re happy to help in any way we can.