> ## Documentation Index
> Fetch the complete documentation index at: https://docs.incident.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security FAQs

> Frequently asked questions about security and data handling.

Common questions about incident.io's security practices, data handling, and compliance. For more detailed information, visit our [Trust Center](https://trust.incident.io/).

<AccordionGroup>
  <Accordion title="What platform does incident.io run on?" id="platform">
    Our primary web application, Slack integration, and other related components are deployed onto the [Google Cloud Platform](https://cloud.google.com/) (GCP).

    Any data we store is kept either in our PostgreSQL database (also securely hosted and managed by GCP) or in GCP's BigQuery platform. All data is encrypted at rest in both Postgres and BigQuery.

    Two-factor authentication and IAM policies are applied to restrict access to resources within the Google Cloud Platform.
  </Accordion>

  <Accordion title="Are you SOC2 compliant?" id="soc2">
    Yes. We are happy to provide access to our SOC2 data room on request ([help@incident.io](mailto:help@incident.io)).
  </Accordion>

  <Accordion title="Where is our data stored?" id="data-storage">
    For transactional data processing (interacting with the Slackbot, and viewing the dashboard), the data is hosted in GCPs Belgium region, in [europe-west1](https://cloud.google.com/about/locations#europe). We additionally have a hot standby in the Netherlands region, [europe-west4](https://cloud.google.com/about/locations#europe).

    For analytical data processing (for our internal analytical use case), data is stored [within Europe](https://cloud.google.com/bigquery/docs/locations).

    We currently don't send any data outside of Europe.
  </Accordion>

  <Accordion title="Can you delete our data?" id="data-deletion">
    If you decide to stop using incident.io, we're happy to delete application data upon request. Just let us know at [help@incident.io](mailto:help@incident.io).

    For removing specific sensitive data from alerts, escalations, incidents, or AI processing, see [Managing sensitive data](/admin/managing-sensitive-data).
  </Accordion>

  <Accordion title="How do you authenticate users?" id="authentication">
    By default, users authenticate via Slack — however your organization authenticates with Slack (directly or via a single sign-on provider), that same mechanism is used to access incident.io.

    You can also configure [SAML SSO](/admin/saml-sso) to authenticate users through your identity provider instead.

    For the web application, temporary sessions are granted when you sign in. These periodically expire and are refreshed by redirecting the user through the OAuth flow. We can also revoke these tokens.

    For the mobile app, users can sign in directly or by scanning a QR code from the web dashboard. When SAML is enabled, mobile sign-in always goes through your identity provider. Admins can disable QR code sign-in in **Settings → Security**.
  </Accordion>

  <Accordion title="Are you approved by Slack?" id="slack-approval">
    Yes, incident.io has been approved by Slack and can be found in the Slack App Store
    [here](https://slack.com/apps/A01DEGPUHHC-incidentio?tab=more_info).
  </Accordion>

  <Accordion title="How do I delete my account or organization?" id="delete-organization">
    To delete your entire organization, see [Deleting your organization](/admin/delete-account). To remove an individual user account, see [Deleting users](/admin/delete-users).
  </Accordion>
</AccordionGroup>