Yes, we take data privacy, security, and compliance very seriously. We follow several standards and protocols to protect all your user data and transactional information. Our compliance consultants work closely with major cloud providers and security agencies to make sure we follow best practices and security measures.
How is my data encrypted?
- All traffic in, out, and within the Vizury infrastructure is TLS encrypted.
- We also make sure all the data is encrypted at rest.
- Any personally identifiable information like email, username, or phone number is base64 encoded.
How are users authenticated?
We support SSO via Oauth2 implementation. When a user tries to log in to Vizury we redirect the user to our Oauth2 server where secure login takes place, based on successful authentication control is returned back to Vizury.
- All email & passwords are hashed and never stored as plain text
- We support SAML & Oauth2
- We support Google G Suite ( domain restricted ) for enhanced security.
Where is your infrastructure hosted & how secure is your service?
All of Vizury's application and data is hosted on (AWS), We strictly follow AWS best practices and guidelines for end-to-end security and privacy. Some notable practices that we follow
- Our services are distributed across separate availability zones (data centers).
- Our entire infrastructure is within our virtual private cloud (VPC) with restricted production access.
- All our services are IP whitelisted and publicly accessible portals are open on port 443
For more details on AWS Security
How Uptime and Data availability is handled?
We strive for 99.99% uptime across all our products & services, We constantly monitor our services with alerts and notifications, our dedicated operations, and support team has a quick turnaround time to resolve any downtime.
- All data is backed up with a point in time snapshot for data recovery.
- All incidents are reported to our on-call teams and prioritized based on severity.
- Any migration or updates to our software is informed to the client with prior notice of 30 days.
What are your Engineering and Operational Practices?
We follow a number of engineering best practices to make sure our products and services across Vizury can deliver 99.99% uptime.
- Continuous integration and delivery: All our microservices are deployed using continuous integration and continuous deployment strategies to automate the way we deploy code to production.
- We constantly run audits from independent security firms to make sure we comply with the latest security guidelines.
- We run multiple levels of manual and automated tests on our systems and codebase.
- We enable fine-grained permission to access our machines and codebase using protected by a dedicated Virtual Private Network (VPN).
Do you store my notifications data that is posted via send API?
No, Any payload that is posted to our push notifications send API will not be persisted in our database. We will collect the payload data and transform it in a format that our SDK listener expects. During this transaction, we log the status of the message and this status log can be sent to our clients in realtime over a webhook call.