Insomnia Security Standards

How is data processed when sent to Insomnia servers?

  • Information is sent over TLS
  • Information sent is end-to-end encrypted, learn more here.

Where is our information stored?

  • Information is stored in GCP, in US Central region
  • Information inside of GCP is stored within Postgres

Do we have any compliance certifications?

Not at the moment.

Do you have any penetration test results from external parties?

Not at the moment.

What authentication is implemented by the application?

  • Secure Remote Passwords (SRP) encrypted key exchange protocol.

Read our End to End Encryption FAQ to learn more.

How often do you release major updates, and or security patches?

  • Major updates are usually released once a month, or every two weeks depending on the scope.
  • Security, and hotfix patches are handled on a case-by-case basis and can occur at any time.

Do you retain server logs, or event logs?

  • All server logs stored, are kept within GCP, and only accessed by engineers authorized to manage the Insomnia servers.

Do you maintain documentation when an incident / event occurs?

  • When an incident occurs, we perform an internal post-mortem and delegate information accordingly. Either through the site in the form of a blog post, or through social media / support on a case-by-case basis.

In case of a breach do you notify customers?

  • Yes, via email

What is your primary point of contact?