Information Machine LLC Security Policy


Personally Identifiable Information is not required to be collected from apps employing the Information Machine API. Our API identifies users through a unique identifier created by the app to represent a user.
Information Machine API Services are “read only”. No transactions can be made with a user’s account credentials.

Key components of our security include:

Data and Password Encryption

Password and account data are stored and transmitted in an encrypted format at all times. All data is securely housed in an Internet server hosting facility that provides enhanced physical security, fire protection and electronic shielding. employs DigiCert certificates for Secure Socket Layer (SSL) connections. Click on the lock icon in your browser’s status bar to learn more.

Network Intrusion Detection Systems

Network-based IDS (intrusion detection system) provides 24×7 network monitoring and alerts security personnel to any external attacks on the network.

Physical Security Measures

Information Machine infrastructure is hosted within the Microsoft Azure Cloud. Security personnel are physically present at these sites 24x7. Access to servers requires multiple levels of authentication, including biometrics (hand print scan) procedures.

Rigorous Audits and Inspections

The security infrastructure is regularly audited and inspected by industry-leading third party auditors and security experts. Annual external audits for PCI DSS, SOX and HIPAA compliance, as well as internal assessments take place throughout the year. Our hosting environment has obtained ISO/IEC 27001:2005 certification and SAS 70 Type 1 and II attestations.

Frequently Asked Questions

How do you protect my users' account passwords and user IDs?
All account information is entered through Secure Socket Layer (SSL), which creates an encrypted connection between your browser and our servers. We encrypt user passwords.  User passwords cannot be recovered, even by Information Machine. All backup drives and tapes are also encrypted.
Who has access to my users' store account login credentials?
Only your users have access create and manage store connection, logins, & passwords. Your app can check the status of store connections, but does not have access to a user’s account credentials.
How is account information protected during transmission?
Data is protected using industry AES-128 encryption. Your passwords are stored in an encrypted format at all times. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery.
How is my account information protected from “Hackers” or outside intrusion?
Network-based intrusion detection systems (IDS) provide 24×7 network monitoring and alerts us to any external attempts to access the network. In addition, multiple layers of firewalls are used to guard against unauthorized access to the network.
What happens to account login information if a user disconnects from services offered through the API?
Once a disconnect request has been received by a user, account login data will be securely and permanently deleted from our database.