Customer data is stored in multiple locations in our hosting provider’s data centers to ensure availability. We operate a business continuity program that includes backup and restoration procedures that are regularly reviewed and tested.
AWS data centers have round-the-clock security and strict controls for physical access. Learn more about AWS physical security.
The Vault Platform operations team are on-call 24/7 to support the service.
Data encryption in transit and at rest
Vault utilizes some of the most advanced technology for Internet security available today. When you access the application using a browser or through our mobile app, Transport Layer Security (TLS) technology protects your information using server authentication and encryption, ensuring that your data is safe and secure.
We provide regular training for our engineers in secure coding, that covers key OWASP security risks, common attacks and security controls best practices.
As part of the software development process at Vault, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested using a quality assurance process to help ensure an expected, consistent, experience across supported devices and platforms.
Organizational Security and Practices
All Vault employees are vetted before joining and are required to complete annual security awareness training. Training topics include information security, data privacy and risk mitigation.
All Vault employee work devices are configured with full-disk encryption, strong password protection, and employees are prohibited from using unauthorized software or portable media.
Administrative access to systems within the production environment is limited to staff with a specific need to support our services. Access to our servers is monitored and audited, we regularly review system and access logs.
If you believe you have found a security vulnerability, please let us know straight away at [email protected]