Security Trust Center
Inspire Software is built to meet the security, compliance, and data handling requirements of mid-market and enterprise HR and IT teams. This page covers our compliance posture, data handling practices, access controls, encryption, and how to request detailed security documentation.
What is Inspire's compliance posture?
Our security program is designed around SOC 2 Trust Service Criteria. Full certification documentation available to enterprise prospects under NDA.
Data subject rights, DPAs, subprocessor transparency, and right to deletion are all supported. DPAs available on request.
California Consumer Privacy Act requirements are addressed in our privacy practices. See our Privacy Policy for details.
All primary data is hosted in US-based AWS infrastructure. Enterprise customers may request additional data residency configurations.
Supported with Okta, Azure AD / Entra ID, Google Workspace, OneLogin, and other SAML 2.0 compatible identity providers.
Automated user provisioning and deprovisioning via SCIM 2.0. Employees are added and removed based on your identity provider.
How does Inspire handle and protect customer data?
Data you control
You own your data. Inspire processes it on your behalf as a data processor. You can export all your data at any time. Upon contract termination, data is deleted according to your agreed retention schedule.
Employee PII handling
Employee names, emails, and work-related performance data are stored. We do not collect sensitive personal information (SSN, financial data, health records) as part of normal platform operations. See our AI Trust page for AI-specific data handling.
Data isolation
Customer data is logically isolated. One customer's data is never accessible to another customer. Multi-tenant architecture includes strict access controls at the application and database layers.
Backup and recovery
Data is backed up daily with point-in-time recovery available. Backup data is encrypted and stored in geographically separate locations. Recovery time objectives (RTOs) and recovery point objectives (RPOs) are documented in enterprise SLAs.
Incident response
We maintain an incident response plan. In the event of a security incident affecting customer data, we notify affected customers within 72 hours of confirmation — consistent with GDPR Article 33 requirements.
What access controls does Inspire provide?
| Control | Details |
|---|---|
| SSO (SAML 2.0) | Supported. Okta, Azure AD, Google, OneLogin. No extra cost. |
| SCIM 2.0 | Automated user provisioning/deprovisioning from your IdP. |
| Role-based access control | Admin, Manager, Employee, and custom roles with configurable permissions. |
| MFA | Multi-factor authentication supported via your SSO identity provider. |
| IP allowlisting | Available for enterprise customers — restrict access to approved network ranges. |
| Audit logging | Admin-level audit logs of user actions, configuration changes, and data exports. |
| Session management | Session timeouts, concurrent session limits, and forced re-authentication configurable. |
How is data encrypted?
What subprocessors does Inspire use?
Inspire uses a limited set of trusted subprocessors to deliver our platform services. Our full subprocessor list is available upon request. We notify customers of material changes to our subprocessors as required by our DPA.
Key subprocessor categories include: cloud infrastructure (hosting, storage, compute), email delivery, customer support tooling, and analytics infrastructure. We do not sell data to subprocessors or third parties.
Request Full Subprocessor List →Need security documentation?
Enterprise and IT teams can request our security overview, completed VSAQ/SIG questionnaire, penetration test executive summary, and DPA — available under NDA to qualified prospects.
