How it works
InCountry’s global infrastructure securely manages your regulated data.
Store regulated data with InCountry
Just like with PCI compliance, your application continues to work as it always has with its own data store. InCountry augments your existing data store by adding an additional data store for regulated data.
InCountry stores your records in two top-tier data centers for each country
InCountry uses a database principle called two phase commits to ensure that your data is kept in sync across two separate data centers for each country.
The InCountry SDK directs data to and from our in-country data stores
Your application uses the InCountry SDK to store and retrieve records in specific countries using their ISO 2 letter country code.
The InCountry SDK enables your application to communicate securely
Your application connects to InCountry using TLS 1.2 and a revocable API key.
The InCountry SDK uses two different types of world class encryption to store your data
The InCountry SDK encrypts each of a record’s searchable fields using a hash. The full record is encrypted using a symmetric key with AES-256. Your application fully controls the encryption keys and the InCountry SDK is compatible with key management systems.
The InCountry SDK retrieves records using the hashed keys
The InCountry SDK finds a record using the hashed version of the search fields and returns the full record for your application to decrypt.
The InCountry SDK uses encryption, not tokenization
Tokenization is useful for storing information like credit card numbers that have a fixed length, and in use cases where the token can fit in the space of the original data. With tokenization, the vendor has full visibility into your data. Encryption is useful for securely storing arbitrary amounts of information like health care data. With encryption, you can retain your encryption keys and the vendor does not have visibility into your data.
InCountry Border keeps data within a country’s borders with no coding changes
InCountry Border is a proxy layer running within InCountry points of presence. Your global web application can route web service calls between a user’s browser and the web application through the InCountry proxy. InCountry Border uses a domain overlay to authenticate users and automatically removes and encrypts specified fields with PII and then re-inserts the fields on subsequent web service calls.
InCountry single-tenant offers dedicated and isolated databases
Fully isolated databases with custom tables
- Managed service provider offering
- Fully isolated and dedicated API and database in each PoP
- Field level encryption settings
InCountry REST API integrates directly with your application
REST API is an easy to setup solution that maps to existing REST microservices and is integrated directly with application servers. When reading or writing a payload of non-regulated data, the application will use existing function calls to exchange data with the non-regulated data store hosted in an offshore datacenter.
InCountry’s turnkey SaaS integrations stores, processes, and controls access within a country.
InCountry’s SaaS integrations support Salesforce, Mambu, Twilio, Segment, and more.
- Store regulated data with InCountry
- InCountry stores your records in two top-tier data centers for each country
- The InCountry SDK directs data to and from our in-country data stores
- The InCountry SDK enables your application to communicate securely
- The InCountry SDK uses two different types of world class encryption to store your data
- The InCountry SDK retrieves records using the hashed keys
- The InCountry SDK uses encryption, not tokenization
- InCountry Border keeps data within a country’s borders with no coding changes
- InCountry single-tenant offers dedicated and isolated databases
- InCountry REST API integrates directly with your application
- InCountry’s turnkey SaaS integrations stores, processes, and controls access within a country.