How it works

Just like with PCI compliance, your application continues to work as it always has with its own data store. InCountry augments your existing data store by adding an additional data store for regulated data.

InCountry uses a database principle called two-phase commits to ensure that your data is kept synchronized across two separate data centers for each country.

InCountry’s SaaS integrations support the leading SaaS platforms and applications like Salesforce, Veeva System, Cegid, and more.

Your application uses the InCountry REST API (including SDK) to store and retrieve records in specific countries using their ISO two-letter country code.

Your application connects to the InCountry platform using TLS 1.2 and a revocable access token.

The InCountry REST API (including SDK) encrypts the full record using a symmetric key with AES-256. You control the encryption keys that are compatible with key management systems. Optionally, you can hash record’s searchable fields with SHA-256 for lookup operations.

Tokenization is useful for storing information like credit card numbers that use a fixed pattern, and in use cases where the token can resemble original data. With tokenization, the vendor can reveal your data as you keep mappings between tokens and actual values. Encryption is useful for secure retention of arbitrary amounts of information like healthcare data. With encryption, you can retain your encryption keys and the vendor cannot reveal your data.

InCountry Border is a proxy layer running within InCountry’s points of presence. Your global web application can route web service calls between a user’s browser and the web application through InCountry Border. It uses a domain overlay to authenticate users and automatically redacts specified fields with PII or unredacts these fields on subsequent web service calls.

REST API is an easy to set up solution that directly integrates with existing REST microservices and application servers. When reading or writing a payload of non-regulated data, the application will use existing function calls to exchange data with the non-regulated data store hosted in an offshore data center.