We take security with the utmost importance here at Interseller. Here’s what we do to ensure we keep all of our data safe.


  • All requests to Interseller including any interim connections across Interseller’s infrastructure is secured with HTTPS and/or SSL. Any connection or request using unsecured protocols, like HTTP, are redirected to its counterpart or terminated.
  • Interseller uses HSTS, a protocol with well-known browsers that lets them know and enforce that our website uses HTTPS and should ignore HTTP.
  • All data and customer data is encrypted at rest and encrypted in transit.
  • All secret keys and customer keys (e.g. integrations) are encrypted with hardware security modules (HSM) for extra protection.
  • Credit cards are stored and processed security with Stripe, which is PCI Level 1 compliant.


  • All data is hosted and secured in a private environment. All publicly facing endpoints and IP addresses are firewalled.
  • Access to our environment requires two-factor authentication and is allowed only from well-known employee IP addresses. Access attempts are logged securly and audited perodically.
  • We utilize denial of service (DOS) protection services and web application firewalls (WAF) to ensure our services are protected from attacks.


  • Interseller is privacy shield certified and complies with the EU General Data Protection Regulation (GDPR).
  • You can request your data to be deleted at any time which is usually processed within 7-10 days of request.

Inbox Access.

  • Interseller has access to your inbox so that we can send emails on your behalf and know when your contacts in Interseller reply back to you.
  • Interseller does not store any copies of your inbox on its servers. Interseller does keep copies of emails we send on your behalf and the first response from a contact directly to an email we’ve sent.

Third Parties.

  • Interseller utilizes third parties to help us with support and account management services.
  • Data shared to our third parties are limited to name and email address only. Absolutely no email data is ever shared with our partners.
  • Interseller periodically audits its third-parties and partners to ensure the that our customer data is kept secure.

Internal Policies.

  • We enforce two-factor authentication (2FA) with all sensitive data processors such as Slack, G Suite, Intercom and Stripe.
  • We utilize a password manager to secure online accounts and share them across our team.
  • We go through yearly scheduled security testing including security assessments with our partners. To obtain a copy of our report, please email
  • Interseller is SOC 2 Type 1 certified and is working on Type 2 certification. To obtain a copy of our report, please email
  • All employees and contractors sign a non-discolsure agreement.

Bounty Program.

We ask for security researches to report any security exploit to Qualifying reports will be answered within 5 days and will be paid via PayPal on patch release. Reward amounts will depend exclusively on the severity of the vulnerability and has an upper limit of $750.00 USD. We do not reward researches for DOS, automated scripts, mixed-content scripts, social engineering, regular bugs, or not adhering to “best practices”. Please include the following information when submitting a report:

  • Technical details of the vulnerability. Please include step-by-step instructions so we can reproduce it on our side. A video is greatly appreciated.
  • Scope and impact of the vulnerability including what type of data an attacker can access.