Terms of Service

Nov 1, 2025

By using Indexos (“Service”), you agree to these Terms.

1. Use of Service

You must be 18 or older and use the Service only for lawful purposes.

2. Accounts

  • You are responsible for keeping your login credentials secure.
  • We use multi-factor authentication and encrypted storage for account data.

3. Customer Data

  • You retain all rights to your data.
  •  By using the Service, you grant Indexos permission to process data solely for providing the Service, in line with our Privacy Policy.

4. Security

We apply strong technical and organizational measures (encryption, MFA, access control) to protect your data.

5. Limitation of Liability

Indexos is not liable for indirect, incidental, or consequential damages.

6. Termination

You may cancel your account anytime. Data will be deleted per our Data Retention Policy

7. Contact

Indexos, Inc.

contact@indexos.com

Information Security Policy

Indexos maintains a structured Information Security Program aligned with ISO 27001 and SOC 2 principles.

1. Governance

  • Security is managed by our CTO and Security Lead.
  • We review this policy annually and after major system changes.

2. Access Control

  • All production access requires SSO + MFA.
  • Role-based access (least privilege).
  • Access reviews conducted quarterly.

3. Data Protection

  • In transit: TLS 1.2+
  • At rest: AES-256
  • Backups: encrypted, tested weekly.

4. Application Security

  • Code reviews required for all changes.
  • Automated vulnerability scanning (SAST/SCA).
  • Staging and production are isolated.
  • Security incidents tracked via ticketing system.

5. Infrastructure Security

  • Managed cloud (AWS/GCP) with hardened configurations.
  • Firewalls, private networking, IAM policies.
  • Regular patching and monitoring.

6. Vendor Security

  • Vendors are assessed for compliance (privacy, encryption, uptime).
  • Sub-processors listed at /subprocessors.

7. Incident Response

See Incident Response Plan for detection, containment, communication, and remediation.

8. Employee Security

Employees sign NDAs and receive onboarding and annual security training.

Data Retention & Deletion Policy

We retain data only for as long as necessary to provide the Service and comply with applicable laws.

Product
Typical Retention
Deletion Method
Account info
Active account + 1 year
Secure deletion from DB
Logs
90 days
Automated purge
Backups
30 days
Overwritten cycle
Payment & invoices
7 years
Legal retention
Support messages
1 year
Ticket purge

2. Customer Control

  • Customers may request deletion at any time by emailing contact@indexos.com.
  • We confirm deletion within 30 days.

3. Backup Handling

  • Backups are encrypted and automatically overwritten after expiration.
  • Restores are logged and limited to authorized admins.

4. Termination

Upon contract end, all personal data is deleted or returned to the customer per our DPA.

Table of contents

Indexos is your command center for smarter inventory management, forecasting, and financing

Company

Terms of ServicePrivacy PolicyBlog

© Indexos, 2025

SOC 2 Compliant