Compliance Security

Insightly is certified for a number of compliance standards and controls, and undergoes independent third party audits to test for data safety, privacy, and security.

A SOC 2, Type II attestation reports on controls relevant to security, availability, processing integrity, confidentiality or privacy. SOC 2, Type II is intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service.

Please reach out to your Customer Success Manager or Account Executive to receive a copy of Insightly’s SOC 2 report.

The Insightly Main Subscription Agreement (MSA) and Data Processing Addendum (DPA), as updated from time to time, address the obligations and requirements of the European Union General Data Protection Regulation (GDPR); the UK Data Protection Act 2018 (collectively, “UK Privacy Law”), or any successor laws of the above. These documents make it easy for customers to share information with their stakeholders, including compliance and privacy managers, customers and potential auditors.

The Insightly Main Subscription Agreement (MSA) and Data Processing Addendum (DPA) address the obligations and requirements of the California Consumer Privacy Act (CCPA)

Insightly is fully compliant with all obligations required for the privacy and security of Protected Health Information including those defined by the HIPAA Security Rule as a Business Associate under the United States Health Insurance Portability and Accountability Act of 1996.


  • Provided training to customer-facing staff on their roles and responsibilities for compliance
  • Updated company-wide security awareness materials to include new customer personal data protection and privacy practices;
  • Established and assigned data protection roles and responsibilities;
  • Established for data subjects to submit requests
  • California consumers (as defined by the CCPA) may exercise their rights by sending an email to
  • Retained outside counsel with extensive expertise in privacy and security matters to provide ongoing advisory services for privacy compliance


  • Completed and revises privacy risk assessment to support customer data protection impact assessments
  • Maintains SOC 2 security and confidentiality controls to support processing activities for protection of customer personal data
  • Established and reviews DPAs and CCPA addenda with sub-processors of customer personal data
  • Updated and reviews the Insightly Privacy Policy and procedures for compliance with privacy laws, regulations and principles
  • Provides MSA, CCPA addendum and DPA upon request from to support customer compliance


  • Established a privacy-by-design checklist
  • Implemented features to support data subject requests from customers exercising their rights to erasure and data portability

Experience the Insightly platform for yourself