Information Security Statement
Welcome to Intersect’s system security statement.
This Statement should be read in conjunction with Intersect’s Terms of Service, Privacy Policy, and POPIA page. Intersect protects you against the unauthorized access, use, and disclosure of your information, both in transit when you access your information and at rest in our server. We abide by the relevant data protection legislation. Highlighted below are a few of our key controls and are detailed as follows:
1. Protection of Data in Transit
Data transferred between your browser and Intersect’s servers is encrypted and secured by SSL certificates—the same protocol used by your internet banking—so that no one can eavesdrop on your communications.
2. Protection of Data at Rest
Intersect’s servers are located in a datacenter in South Africa, hosted by Microsoft Azure. Access to the buildings, data floors, and individual areas is strictly controlled through individually programmed access cards, using biometrics and visual identification, ensuring secure, single-person entry.
3. High Security Standards
Intersect’s inward and outward-facing infrastructure follows the Open Web Application Security Project (OWASP) guidelines. Role-based access controls are in place to limit the amount of information any one member of our team has access to.
Our system is constantly being developed to protect your data from common attacks, such as cross-site scripting (XSS) and SQL injection. The processes we use have been designed with security first approach, and we continuously evaluate ways to update and improve them.
Intersect reviews the security measures of our service providers before contracting with them, ensuring that they are not a weak link in terms of our security. The Microsoft Azure datacenter has effective technical and organizational measures in place to ensure the protection of all information assets across their global operations. Meeting the stringent international security and compliance standards has led to them receiving internationally recognized certifications and accreditations, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2, and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5).
4. Availability and Confidentiality
Intersect’s database runs in multi-AZ (Availability Zone) mode, meaning that in the unlikely event that a data center goes down, there is automatic failover onto a backup AZ. This is possible due to our information being instantaneously backed up to a secondary location. Our critical infrastructure has alerts in place for unsatisfactory performance and is also monitored manually by our team to maintain service.
Your password’s confidentiality is preserved by storing it via a one-way hash function on our database. This means that even if an unauthorized person were able to access Intersect’s server, this information is still protected.
5. Two-Factor Authentication
To verify the identity of the user who is logging in, Intersect offers a two-factor authentication system, whereby logging in and performing certain actions requires a newly generated verification code. This means that even if your password were to be compromised, an unauthorized user would still be barred from accessing your account.
6. Personal Data Breach Process
In the unlikely event of a data breach, Intersect will contact all affected parties in accordance with our data breach process. This process is formulated to meet the data protection requirements of our operational region, in South Africa.
If you have any queries about these terms and conditions, please email us at legal@intersectconnect.com.
This policy was last updated 1 March 2025
