Security & trust
Built for teams who take access seriously
Inkode combines product security patterns with operational discipline. Formal certifications evolve with the business — this page describes our current posture in plain language.
Compliance roadmap
We align engineering and operational practices with common enterprise expectations (including SOC 2–style control themes such as access reviews, change management, and vendor diligence). If your procurement team needs a questionnaire, security appendix, or DPA review, contact us through Support.
Authentication and sessions
Customer access is handled through modern identity providers with secure session management. Workspace APIs require authenticated sessions or scoped tokens where documented.
Role-based access in workspaces
Organizations can restrict who creates, edits, or publishes QR codes, links, and barcodes. Activity visibility is designed to support operational accountability across teams.
Infrastructure and availability
The service is built for reliability with monitored deployments and defensive rate limiting on sensitive endpoints. We design for least-privilege access to production systems.
Data handling and subprocessors
We collect only what is needed to operate the product and provide analytics you configure. Enterprise customers can review subprocessors and security practices as part of onboarding.
What you can do in your workspace
- Enforce least-privilege roles for marketing, operations, and admins.
- Use custom domains and approved workflows for public-facing assets.
- Integrate via documented APIs and webhooks with signed delivery where supported.
- Export audit-relevant data for your internal retention policies.