Security policy

Safeguarding your private and sensitive data is the top priority of Vizito. What does Vizito do to guarantee the safety of your data?

Hosting

Vizito is a software company and not a hosting company. Therefore, we strongly believe that the hosting of our servers has to be done by the best experts. Vizito believes that Leaseweb Global B.V. is the best hosting company for Vizito.

Leaseweb gives us a lot of flexibility, allowing us to:

  • manage OS updates and patches;
  • choose the physical location of the server;
  • manage encryption strategies for data-storage.

Continuity

The data is saved redundantly and it is synchronously replicated between two locations in Europe:

Frankfurt Amsterdam

Leaseweb invests heavily in security and they achieved ISO 27001, PCI DSS, SOC 1, HIPAA and NEN 7510 certifications. Their external audit partners are recognized all around the world.

Read about the security measurements of Leaseweb.

Reliability

Our architecture is fully redundant: when one or more hardware components fail, Vizito will stay accessible.

We maintain 99,9% uptime and apply continuous deployment, allowing multiple releases a day without any downtime.

Encryption

Vizito uses TLS-encryption by default on all connections with sensitive data.

Using TLS, private data is never sent or received as human-readable text. By implementing a sophisticated multi-tenant system, we can keep sensitive data separated for each account.

We frequently test the strength of our TLS-encryption. The results can be found on the Qualys SSL Labs website.

The passwords we store are hashed using a one-way hash, meaning that we cannot access the password under any circumstances. You can always reset your passwords using your email address.

Our servers are protected by two firewalls: an edge firewall and an internal firewall. We also use fail2ban to protect us from DDoS attacks and to ban IP addresses after 5 failed login attempts.

Monitoring

All of our systems are monitored 24/7 and the Vizito team gets an upfront alert when things are about to go haywire. Alerts are automatically escalated to superiors when it remains unanswered.

Vulnerability Disclosure Policy

At Vizito, we understand the importance of community involvement in maintaining robust security standards. We are committed to managing technical vulnerabilities effectively and encourage the responsible disclosure of any security issues.

Researchers, customers, and users are urged to report potential vulnerabilities directly to our dedicated security team. Please send your findings to bugbounty@vizito.eu.

Upon receiving a report, we will investigate the issue promptly and work collaboratively with the reporting individual to address the identified concerns. Additionally, Vizito actively participates in threat intelligence and information-sharing forums to stay ahead of emerging security challenges.

We appreciate your contributions to our security efforts and aim to resolve reported issues in a timely and responsible manner.

Try Vizito for free