Information Security Overview
Information Security Overview

Information Security Overview

Introduction

Integrated Projects (IP) is committed to keeping your information secure, and ensuring private digital assets and spatial information are protected. The purpose of this document is to provide a high-level overview of Integrated Projects’ security controls, in a document that does not require a non-disclosure agreement (NDA) be in place between respective organizations. The information in this document is therefore not classified as confidential. When we speak of “Integrated Projects,” "IP," “we,” “us,” and “our,” we mean Integrated Projects, LLC and its personnel, an entity incorporated in accordance with the laws of New York State in the United States and with following contact details:

Integrated Projects, LLC

Office: 260 W 35th Street, Floor 13, New York, NY 10001

Mailing: 3333 Broadway, #D26A, New York, NY 10031

Phone: +1-646-685-3578

Contact email:

What You Can Expect From Us

We Provide a Broad Range of Design and Data Quantification Services

These terms help define the relationship between you and Integrated Projects (IP). We provide a broad range of useful Services on a contract basis to empower you with better information to visualize, design, and quantify your physical real estate locations, including:

  • 3D Scanning
  • 3D Modeling
  • Interior Design
  • Image Rendering
  • Data Quantification & Analysis

Our services are designed to work together, making it easier for you to get a comprehensive picture of your space or building's condition through virtual tours, photos, reports, drawings, and renderings—the digital assets.

From these, we extract additional spatial information (such as room dimensions, square footage calculations, room and equipment counts) pertaining to your space or building in the form of one's and zero's—the spatial information.

Collectively, these assets and information are stored within secure cloud servers, uploaded and presented to you within the IPx Client Portal. This enables you to view, download, share, and search for your project's assets and information.

Information Security Overview

IP has a formal information security program in place to protect your digital assets and information. The highlights are as follows:

  1. Personnel: Assigned members of staff that have been granted access to information and assets pertaining to specific private locations.
  2. Production Infrastructure: A documented Information Security Policy detailing administrative, technical and physical controls implemented at Integrated Projects to create, store, and present digital assets and spatial information.
  3. Information Usage & Security

Personnel

  • Employees, consultants, and third-party contractors, known as "Personnel" are required to acknowledge they have read the employment handbook and code of conduct.
  • Personnel access to internal files is managed by Integrated Projects via Google Drive Enterprise servers. Note: all file storage is cloud-based leveraging Google technology and Security protocol and, thus, IP does not own physical servers within its own workplace.
  • Personnel has access to digital files on a limited, per-project basis, and granted by an authorized supervisor within the Management team for the strict purposes to perform services per a contract entered into by the Client and IP.
  • Upon termination, a formal offboarding process is followed under the supervision of the IT and HR teams
  • Company-wide Information security and privacy training is conducted annually and upon the start of employment.

Production Infrastructure

Last Updated: 11/02/2020

Our production infrastructure consists of the hardware, software, and internal processes required to effectively perform services for you.

Our Technology Stack

ToolsPurposePersonnel AccessDescription
Google G Suite (Enterprise)
Administrative
Company-wide
Internal-Only. For email, word processing, calendar, scheduling, spreadsheets, and presentations.
Google Drive (Enterprise)
Store files
Company-wide
Internal-Only. For secure, cloud-based file storage of digital assets in Google Servers located in the United States.
Airtable
Database & track projects
ManagementEngineering
Internal-Only. For databasing of spatial information, kanban ticketing, order and task management
Autodesk (Revit, AutoCAD, and ReCap)
Create 3D & 2D BIM assets and information
EngineeringDesign
Internal-Only. For 3D drafting, modeling, point cloud registration, and production of technical drawings in a Building Information Modeling (BIM) environment.
Slack
Message team members
Company-wide
Internal-Only. For messaging and collaboration
Adobe Creative Suite
Create presentations & graphics
ManagementDesign
Internal-Only. For visual graphic creation & editing (Photoshop, InDesign, Illustrator)
Notion
Manage knowledge
Company-wide
Internal and External. Company-wide wiki, onboarding documentation, guidelines, and standard operating procedures
Squarespace
Edit website
ManagementMarketingEngineering
Internal-Only. Webpage creation for Public-facing website (www.integratedprojects.co), and IPx Client Portal (www.integratedprojects.us)
Typeform
Survey & collection external inputs
ManagementMarketing
Internal and External. For collecting surveys, feedback, and project requests from external parties. All inputs from Typeform go directly to Airtable to track and manage all responses.
DocSend
External document sharing
Management
Internal and External. For secure sharing of documents to external parties. Enables the tracking of documents.
Leica BLK360 (Hardware)
Create construction-grade point clouds
Reality CaptureManagement
Internal-Only. Lidar-based surveying camera used by Reality Capture Specialists to create a 3D point cloud.
Leica Cyclone 360 (Software)
Register construction-grade point clouds
Reality CaptureManagement
Internal-Only. Software used to stitch together raw files of 3D point cloud.
Matterport Pro2 (Hardware)
Create virtual tours & photos
Reality CaptureManagement
Internal-Only. Photogrammetry-based cameras used by Reality Capture Specialists to create a 3D scan,
My.Matterport (SaaS)
View virtual tours
Reality CaptureDesignManagement
Internal and External. Cloud-based SaaS that enables browser-based viewing of the 3D scan in the form of a virtual tour.
RoundMe
View 360 panorama renders
ManagementDesign
Internal and External. Cloud-based SaaS hosting platform that enables browser-based viewing of interior renders in 360 panorama format.

Asset Creation

List of Asset Services

Deliverable NameTypeFile FormatCreated WithHostedClient Access viaDescription
3D Virtual Tour
Digital Asset
URL or Embedded iFrame
Matterport Pro2
My.Matterport
IPx Client Portal
Interior Site Photos
Digital Asset
.JPG
Matterport Pro2Ricoh Theta Z1
GDrive
IPx Client Portal
Construction-Grade Point Cloud
Digital Asset
.RCS, .XYZ
Leica BLK360Leica Cyclone 360
GDrive
IPx Client Portal
3D Building Information Model: Architecture
BIM Digital Asset
.RVT
Autodesk Revit
GDrive
IPx Client Portal
3D Building Information Model: MEP
BIM Digital Asset
.RVT
Autodesk Revit
GDrive
IPx Client Portal
3D Building Information Model: Furniture & Equipment
BIM Digital Asset
.RVT
Autodesk Revit
GDrive
IPx Client Portal
CAD File: Architecture
CAD Digital Asset
.DWG
Autodesk RevitAutodesk AutoCAD
GDrive
IPx Client Portal
CAD File: MEP
CAD Digital Asset
.DWG
Autodesk RevitAutodesk AutoCAD
GDrive
IPx Client Portal
CAD File: Furniture & Equipment
CAD Digital Asset
.DWG
Autodesk RevitAutodesk AutoCAD
GDrive
IPx Client Portal
Location Report
Digital Asset
.PDF
Autodesk RevitAdobe InDesign
GDrive
IPx Client Portal
Interior Render
Digital Asset
.JPG
Autodesk Revit
GDrive
IPx Client Portal
360 Pano Render
Digital Asset
URL or Embedded iFrame
Autodesk RevitAdobe Photoshop
RoundMe
IPx Client Portal

Information Creation

Information Collected to Perform Services

NameData FormatInformation ClassGenerated by
Client Company Name
Text String
Company
Client
Company Contact Name
Text String
Personal
Client
Contact Email
Email
Personal
Client
Contact Phone Number
Phone Number
Personal
Client
Project Address
Text String
Location
Client
Project Type
Multiple Select
Location
Client
Project Condition
Multiple Select
Location
Client
Project Total Estimated Gross Square Feet
Integer
Location
Client
Total No. of Floors in Scope
Integer
Location
Client
Which Floors in Scope?
Text String
Location
Client
Services Requested
Multiple Select
Location
Client
Scope Requested
Multiple Select
Location
Client
Service Date
Date
Location
IP
Verified Gross Square Feet
Integer
Location
IP
Verified Usable Square Feet
Integer
Location
IP
Verified Deductible Square Feet Area
Integer
Location
IP
Room Labels
Text String
Location
IP
Room Counts
Integer
Location
IP
Equipment Labels
Text String
Location
IP
Equipment Counts
Integer
Location
IP
Ceiling Heights
Integer, Feet
Location
IP

The IPx Client Portal

The IPx Client Portal (at https://www.integratedprojects.us) authenticates users via generated passwords. MFA and SSO are not currently supported, but are being considered for a future product release. IPx users have either an admin or regular (‘Collaborator’) user role.

Space Access Control

3D spaces and associated assets created on the IPx Client Portal have a simple public/private access control model as follows:

  • All assets belonging to a space are private by default, and can only be accessed within the IPx Client Portal by authorized users.
  • If a space is not set to ‘Public’, it is only accessible to 1) Collaborators that have been given ‘Editor’ or ‘Viewer’ access to the model, or 2) Account admins in your account, 3) IP staff when necessary.
  • If a space is set to ‘Public’, users who have a URL link to it can access it.
  • Access to a space is logged and tagged with at least the source IP address and timestamp, however, these logs are only available to IP staff under normal circumstances.

Data Usage & Storage

Last Updated: 06/01/2020

Contact Information We collect contact information on our Website; the contact information collected varies depending on the webpage but typically includes some combination of your name, email address, institution information, and the information you provide in messages to us. We use such contact information for purposes such as responding to, and following up regarding, your inquiries, providing you with requested information, storing contact details into our customer relationship management database, providing you with a demo, speaking with you via our live-chat support option, or sending you email alerts (including marketing emails).

Server Logs Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of such access, including the device’s IP address, user agent string (e.g., operating system and browser type/version), and referral URL (i.e., the external source by which you arrived at our Website, or the pages you’ve clicked on while on our Website). We may use these log files for purposes such as assisting in monitoring and troubleshooting errors and incidents, analyzing web traffic, or optimizing the user experience.

Cookies We collect information using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive (or other storage medium) so that your computer will “remember” information about your visit. We may use both 1st and 3rd- party session cookies and persistent cookies. Below is a general primer on session and persistent cookies; information collected by cookies depends on its particular purpose. For more information, please see the information regarding analytics providers discussed further below.

  • Session Cookies: We use session cookies to make it easier for you to navigate our Website. A session ID cookie expires when you close your browser.
  • Persistent Cookies: A persistent cookie remains on your hard drive for an extended period of time or until you delete them. You can remove persistent cookies by following directions provided in your web browser’s “help” file. To the extent we provide a log-in portal or related feature on our Website, persistent cookies can be used to store your passwords so that you don’t have to enter it more than once. We may also use persistent cookies to track and target the interests of our Visitors to personalize the experience on our Website.

In some cases, we may associate information that you have provided to us (e.g., email address) with the cookies that we use. In addition to facilitating the purposes described above, this is useful in understanding your engagement with other content related to our Website (e.g., email open rates, URL clickthroughs). If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or mobile device. Please consult your browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, certain aspects of the Website may not function properly or as intended.

Aggregate Data In an ongoing effort to better understand our clients, uses, and the Website, we might analyze your information in aggregate form to carry out, maintain, manage, and improve operations in connection with the Services and Website. This aggregate information does not identify you, an organization, nor an institution specifically. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our services and the Website to current and prospective business partners and to other third parties for other lawful purposes.

Business Transfers In the event of a merger, dissolution, reorganization or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this Website Privacy Policy. This Website Privacy Policy shall be binding upon Company’s and its legal successors in interest.

Feedback We welcome feedback and suggestions about how to improve the Services. However, by transmitting any ideas, suggestions, information, or other material, you represent and warrant that such feedback does not infringe, misappropriate or violate the intellectual property or proprietary rights of any third party and that you have all rights necessary to convey such feedback to us. Any use of such feedback or suggestions will be without any compensation or recognition of any kind.

Disclosure to Public Authorities We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

What are we processing your information for and why are we processing it? (‘Purposes of data processing’, ‘legal basis of the data processing’ and ‘storage periods’)

We will process your information when we have to perform a contract, and we will be processing your information as long as the contractual relationship with you is in force and during the five years following the end of said relationship. This results in us having to process your information for purposes of providing you with both the Services, as well as to perform our obligations under the Services Terms and Conditions.

  1. To send you electronic commercial communications (if you subscribe to a newsletter) or to answer the requests you may address us when contacting us;
  2. To process information obtained through cookies, as described in more detail in the Cookie Policy, and subject to the terms set forth therein;
  3. For profiling purposes based on your behavior and how you browse the Site and use the Services, which pages you have visited, and to build audiences. Please note that we may profile users by means of cookies. In those cases, your acceptance of the installation and use of cookies results in a data processing for profiling purposes, as described in this paragraph.
  4. We may enrich the data we have about you by obtaining information from a select third party for data enrichment purposes, provided that you have given us prior permission. Enriching data allows us to analyze a deeper subset of data from which we may present personalized content.

Finally, we may also process your information to protect our legitimate interests, as long as said information is strictly necessary to fulfil the goals set forth below, namely:

  1. To review, monitor, investigate, and analyze how to improve the Services and/or the Site, as well as to keep our Services and the Site secure and operational and prevent abusive activity (e.g. fraud, spam, phishing activities, etc.). This may include sending you surveys to assess any problems in the service or know how to improve your user experience. The interests at stake are ensuring a correct and safe environment for both other users and us, taking those interests prevalence over your legitimate interests (we need to create and maintain an environment which is in accordance with the law, the legitimate interests of other parties, what other users may expect from our end, and to protect other users’ security when accessing the Site and using the Services);
  2. Besides any commercial electronic and non-electronic commercial communication sent when we have obtained your consent as mentioned above, we may also send you those kind of communications when you are our client. In this last case, we will only send you information belonging to us and concerning services and/or products identical or similar to the ones you have contracted with us. In these cases, we have a legitimate interest in processing your information to keep you informed about any of our products and services, prevailing this interest over your right to personal information given the non-sensitive nature of the data in question and the fact that the contractual relationship built with our clients results in those clients expecting these kinds of communications; and
  3. Upon dissociating the information we have so as to be impossible to be associated to you or any other person, to perform statistical and other analysis on information we collect (technical and metadata) to analyze and measure user behavior and trends, to understand how people use our services, in order to improve and optimize our performance of such services.

To which extent do we require to have access to your information?

We need to process your information to perform the legal and contractual obligations mentioned in the above section above. Otherwise, we are not able to provide you with the Services and/or access to the Site. On the other hand, for information processing which depends on your consent or on our legitimate interests, the information processing is not legally required.

Which companies will have access to your information?

We share your information with our consultants and contractors who help us to provide the Services to you, in which case those third parties are required to strictly comply with our internal standards, policies, and technical and organizational measures that ensure that your information is protected and kept confidential at all times, and only in accordance with and to the extent authorized by this Privacy Policy.

We may also share your information with competent courts and authorities, when we are legally required to do so (for instance, to allow such bodies to investigate, prevent, or take action against illegal activities), or we have to take action to protect our rights or any third party rights.

Your rights

You have the right to withdraw your consent at any time. You also have the right to request access to, and rectification of, or erasure of your information, or restriction of processing, or to object to processing, as well as the right to data portability. Please note that if you choose to cancel your data, your account will be deleted and all data in your account will be permanently deleted from our systems.

We allow you to exercise the above-mentioned rights at any time by contacting, by contacting us directly via email at partner@integratedprojects.co.