Security approach
We use layered technical and organisational measures proportionate to the service and the information processed.
- HTTPS for data in transit.
- Hashed account passwords and encrypted sensitive voucher values.
- Role-based access and campaign-level permissions.
- Protected imports, security tokens and audit records.
- Separation of campaign inventory from public pages.
- Backups, monitoring and incident response processes.
Customer responsibilities
Customers must use strong unique passwords, limit team access, remove former team members promptly, verify imported files and avoid sending sensitive inventories by ordinary email.
Reporting a concern
Email customercare@incentively.co with “Security” in the subject. Do not publicly disclose an unresolved vulnerability or access data beyond what is necessary to demonstrate the issue.
No absolute guarantee
No online service can promise complete security. We review controls as the platform develops and respond to suspected incidents in line with legal and contractual requirements.
Last updated: 18 July 2026. Policies may be updated as the service, law or suppliers change. Material changes will be communicated where required.
