Trust & Security

Enterprise-grade security with full GDPR compliance and EU-hosted infrastructure. Find answers to our most common questions about data processing and security below. If you have any additional questions, reach out at legal@lifeinside.io.

01

Data Processing

Life Inside acts as a data processor on behalf of our customers (the data controllers). We process personal data strictly in accordance with our customers’ instructions and the terms set out in our Data Processing Agreement (DPA).

For Human Video, personal data processed includes names, job titles, email addresses, phone numbers and video content of participating employees — solely for service fulfilment and website communication.

For AI Video Agents, we process conversation transcripts, analytics data (such as sentiment and journey insights) and, where enabled by the customer and consented to by the visitor, contact information provided during the interaction. No employee personal data is collected for AI agents.

We maintain a record of all processing activities in compliance with Article 30 of the GDPR. Data processing is aligned with contract objectives, ensuring only necessary and proportionate data is processed.

02

Data Storage

All personal data is stored within the European Union. Our infrastructure is hosted on EU-based servers and data is never transferred to third countries.

We use industry-standard encryption both in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted to authorised personnel with multi-factor authentication.

03

Consent Management

Life Inside provides built-in consent management tools that enable our customers to collect and record lawful consent from their end users before processing personal data.

Consent records are stored securely and can be retrieved or revoked at any time. Our platform supports granular consent options, allowing end users to control which types of data processing they agree to.

A dedicated consent process exists for video testimonials (Human Video), allowing users to specify their preferences during submission. For AI Video Agents, website visitors give active consent before starting a conversation — transcripts and analytics are only collected after the visitor has accepted. Admins can track and manage all consents for compliance.

04

Data Subject Rights

We support our customers in fulfilling data subject rights requests, including the right to access, rectification, erasure, data portability, restriction of processing and the right to object.

Data subject requests can be submitted through our platform or directly to legal@lifeinside.io. We aim to respond to all requests within 30 days, in compliance with GDPR requirements.

Customers own their data. Personal data is deleted promptly once no longer necessary or as legally required. Upon agreement termination, Life Inside deletes or returns all personal data based on customer preference.

05

Sub-processors

We maintain a transparent list of sub-processors that may process personal data on our behalf. Life Inside has enterprise agreements with all sub-processors. Customers are notified in advance of any changes and retain the right to object.

All sub-processors are bound by contractual obligations that ensure they meet the same level of data protection as Life Inside. We conduct regular audits and assessments of our sub-processors.

06

Cookies & Tracking

Life Inside does not use cookies for tracking on your website. We use session IDs and local storage with non-personal information solely to remember visitor preferences related to our video widget and AI agent interactions.

Frequently asked questions

Detailed answers about our data processing, security measures and compliance practices.

Protection, IT security and GDPR

We want you to feel confident in your data’s security and privacy. That’s why we’re here to explain GDPR, which stands for the General Data Protection Regulation. This important law safeguards the privacy of individuals in the European Union (EU) and European Economic Area (EEA). We’re proud to be 100% GDPR compliant. While GDPR primarily focuses on the EU and EEA, our commitment to data protection knows no boundaries. We apply the same high standards of privacy and security to all users, regardless of where they are located. Your data’s safety is our top priority, and we maintain stringent privacy practices.

We don’t transfer data to third countries because we want to ensure that your data is protected and secure. The sub-contractors we use to perform our service also store all data within the EU. For a list of specific sub-contractors, please contact legal@lifeinside.io.

Yes, we have enterprise agreements in place with all our sub-processors.

We establish Data Processing Agreements with our customers and require sub-processors to adhere to the same standards, ensuring responsible data handling and protection.

We proactively monitor and review our GDPR compliance, conducting internal audits and ensuring our data protection practices are continuously up-to-date.

We are dedicated to an ongoing process of enhancing our cybersecurity measures to ensure the highest level of protection for our clients’ data. Our approach involves:

Regular Reviews and Updates: We routinely assess our cybersecurity policies and procedures to identify opportunities for improvement. Following these assessments, we update our practices to address any vulnerabilities and to incorporate new security protocols as they emerge.

Proactive Threat Detection: Our security team is vigilant in monitoring for emerging threats and employs the latest intelligence to preemptively adjust our defenses.

Technology and Training Investments: We continuously invest in advanced security technologies and in-depth training for our team to ensure they are equipped to recognize and respond to cybersecurity challenges.

Policy Development: Our internal policies are regularly revisited and revised to reflect the latest in cybersecurity advancements and to integrate lessons learned from ongoing security activities.

Our ISMS documents the entirety of our cloud service operations, ensuring clarity and precision. It covers all necessary operational units, locations, personnel, and processes associated with delivering our cloud service, facilitating a systematic approach to information security.

Our data processing aligns with the main contract’s objectives. For Human Video, this primarily means facilitating video content for external communication on our clients’ websites — we process only the data necessary for these purposes, such as names, job titles, emails, phone numbers, and videos. For AI Video Agents, we process conversation transcripts and analytics data to power engagement insights, and where enabled, voluntarily shared contact information. In both cases, only the minimum necessary data is processed.

Collection, processing, and user rights

For Human Video, we collect personal data such as names, job titles, email addresses, phone numbers, and video content from participating employees, solely for fulfilling our service agreements and enabling communication on client websites. For AI Video Agents, we collect conversation transcripts, engagement analytics (such as sentiment analysis and journey insights) and, where the customer has enabled it and the visitor has given consent, contact information voluntarily provided during the conversation. No employee personal data is collected for AI agents.

We only process personal data for the purpose of providing our customers with the best possible service. For Human Video, this includes using personal data to send out video requests and collect video content for external communication on your website. For AI Video Agents, this includes processing conversation transcripts and generating engagement analytics (via AgentLoop™) to help our customers understand and improve their visitor interactions.

Only your company’s Life Inside admins and authorized personnel at Life Inside will have access to the data. This includes employees who need access to the data to perform their job duties. We have a strict access control system in place to ensure that only authorized personnel can access the data.

The agreement remains in effect for as long as you wish to use our service. Should you decide to remove any videos from your platform, all associated personal information will be automatically deleted and purged. For AI Video Agents, conversation transcripts and associated analytics data are deleted when the agent is removed or upon request. Similarly, if at any point you choose not to continue using the Life Inside service, all videos, conversation data and their connected personal information will be automatically purged.

You as a customer own your data. All personal data is deleted in a timely manner once it is no longer necessary for the purposes for which it was collected or processed, or as required by law. Data subjects — whether employees participating in Human Video or website visitors interacting with AI Video Agents — have the right to request the deletion of their personal data, and we comply with such requests in accordance with relevant data protection laws and regulations. In addition, at the customer’s request, Life Inside will delete personal data or enable the customer to delete it on their own. If a service agreement ends, Life Inside will either delete or return all personal data and any copies (depending on customer preferences) in a manner that is consistent with privacy policies and relevant data protection laws and regulations.

Data subjects can contact our customer service department at support@lifeinside.io to access, rectify, erase, or transfer their personal data.

For Human Video, we have a consent process in place when video testimonials are submitted. This allows users to specify their preferences during the submission process, ensuring transparency and compliance. For AI Video Agents, website visitors give active consent before starting a conversation. Transcripts and analytics are only collected after the visitor has accepted. If contact information collection is enabled by the customer, the visitor is informed and must consent to this separately. Admins can effortlessly track and manage all consents across both products, ensuring compliance and user control.

We respect your privacy and only share your data with third-party service providers when it’s necessary to provide you with our services. These providers are carefully selected and bound by strict data protection agreements to ensure the confidentiality and integrity of your data. Your personal data is not sold, traded, or shared with any other third parties without your explicit consent.

Technical measures and data security

We are dedicated to protecting data integrity and confidentiality using robust encryption standards. For data at rest, we use Advanced Encryption Standard (AES) mechanisms, while in transit, we ensure protection through Transport Layer Security (TLS) 1.2 protocols. Our comprehensive cybersecurity strategy includes deploying AWS WAF, AWS Shield Standard, and Amazon GuardDuty to safeguard against a wide array of cyber threats. Organizationally, we maintain a rigorous schedule of data protection impact assessments to preemptively address any security concerns. Our staff is continually educated on GDPR compliance and data protection best practices, ensuring that everyone understands their role in maintaining our high security standards. Additionally, we have established policies for the usage of cryptographic measures during data transmission and remote access to our production environment, bolstering our defense against unauthorized access. We recognize the importance of safeguarding client data during storage and have implemented stringent technical safeguards to this effect. We commit to keeping our clients informed with regular updates regarding any changes that might affect the confidentiality of their data. While our key management processes are robust, we are actively working to enhance our procedures related to the use of private and secret keys, recognizing the importance of constant improvement in our security practices.

We have established an information security policy that sets security objectives aligned with our business goals. Approved by top management, this policy is accessible to our personnel and underpins our commitment to securing our operations and data.

Our risk management policy is robust, involving meticulous identification, analysis, and prioritization of risks. We implement a detailed risk treatment plan to mitigate risks to acceptable levels, which is regularly reviewed and updated.

Our Supplier Relationship Policy mandates high security standards for Sub-processors, including due diligence and security requirements in service agreements.

Personal data is retained only for the necessary duration and securely deleted according to our data retention policy. Upon termination of services, all personal data is purged following our strict guidelines.

We have implemented comprehensive security measures such as firewalls, encryption, secure login processes, and rigorous access controls to protect against unauthorized access and data breaches.

Operational security and risk management

We have a comprehensive risk management framework that identifies, analyzes, and mitigates IT risks, focusing on information security risks associated with our cloud services.

All personnel adhere to strict information security policies, which are part of their terms of employment. This includes comprehensive non-disclosure agreements with employees, service providers, and suppliers. We also provide bespoke security awareness and training programs to our staff, with rigorous reviews to maintain currency with the evolving threat landscape.

We prioritize secure asset management by maintaining a comprehensive inventory of assets integral to our cloud service. This includes strict policies against the use of removable media and detailed procedures for commissioning and decommissioning hardware.

Our physical security is designed to support our cloud-centric operations. We ensure the safety of our equipment and data with secure office access controls. These measures include access authentication required to enter our office premises. This approach is in line with our commitment to maintaining a secure and controlled environment for our team and our clients’ data.

Our operational security includes capacity management and protective measures against malware threats. We employ Amazon GuardDuty and maintain up-to-date anti-malware solutions to safeguard our systems.

We have implemented policies to ensure the integrity and security of non-sensitive data. Our backup and recovery measures are thoroughly documented and executed, with regular testing to verify efficiency.

We maintain comprehensive policies for logging and monitoring system events, ensuring the security of cloud service derived data. This includes strict management of data access, storage, and deletion protocols.

We have instituted meticulous policies to identify and address vulnerabilities within our system components. Our approach involves systematic detection, rigorous assessment, and timely mitigation.

Our incident response plan ensures prompt and effective action, including immediate classification, assessment, containment strategies, and communication in compliance with GDPR Articles 33 and 34.

Identity, access and communication security

Our access control policies are based on industry standards, incorporating "least privilege" and "need-to-know" principles. We utilize role-based access controls to ensure a thorough division of responsibilities.

We adhere to industry standards for cryptography, employing robust cryptographic tools for data transfers and extending protection to data at rest. Our communication channels remain open to inform clients of any shifts that might impact data confidentiality.

Our technical guards, including AWS WAF and AWS Shield Standard, play a crucial role in securing our communication channels. We ensure data transmission integrity and confidentiality using top-tier encryption tools like TLS 1.3.

We are committed to meticulous data management standards, which include robust procedures to ensure data sanctity even during deletion. We conduct a meticulous purge when a cloud service contract concludes, abiding by our stringent data retention guidelines.

We maintain structured change management policies, which include version control procedures to monitor and track individual modifications and restore system components to their prior state when necessary.

We have well-defined policies and procedures for a swift and effective response to any security incidents. Our structured approach includes incident classification, escalation pathways, and specific triggers that activate our business continuity mechanisms.

We’ve made the login process secure and straightforward for your company administrators. We use Auth0, a trusted authentication and authorization platform known for its reliability and security. This ensures that admins can access their platform seamlessly while knowing that their login is protected by industry-leading security measures.

We use a variety of security measures to protect your data, including:

Encryption: We encrypt all data in transit and at rest using TLS 1.3 (Transport Layer Security) encryption algorithms. This means that your data is scrambled so that it cannot be read by unauthorized individuals.

Access controls: We only give access to your data to authorized personnel who need it to perform their job duties. We regularly review our access logs to make sure that only authorized personnel are accessing the data.

Firewalls: Our cloud-based services use firewalls to prevent unauthorized access to our servers.

Regular security audits: We regularly audit and review our security practices to ensure that they are compliant with the latest relevant data protection laws and regulations.

Cookies and tracking

We don’t use cookies for tracking on your website. Instead, we use session IDs and local storage with non-personal information solely to remember visitor preferences related to our video widget.

Questions about data privacy?

Our team is happy to help. Reach out for a copy of our Data Processing Agreement or any other questions.

Contact legal@lifeinside.io