Data security

How Viable handles and secures data

Viable adheres to best practice standards for ingesting, handling and protecting data as well as responding to vulnerabilities or incidents. Our goal is to ensure a high level of security for our customer data as well as our own.

SOC 2 certification

The SOC 2 standard applies to organizations that manage customer data around specific criteria: security, availability, processing integrity, confidentiality, and privacy. A company with a SOC 2 certification has demonstrated that it has developed controls that meet the stated criteria and maintains high standards of information security practices.

There are two types of SOC 2 compliance: type 1 and type 2.

Viable is currently certified for type 1 and working to get type 2 certification. Viable received its type 1 certification on January 10, 2022.

For more information, visit the SOC page at the AICPA website.



Tools we use

PostgreSQL, with AES-256 encryption at rest.

Hasura is what we use to translate data from the database into an API.

Vercel is the tool we use for deployment automation and application hosting.

A backend search engine is where we store our indexes of ingested data.

NPM is for application dependency management and dependency vulnerability scanning.

GitHub is where we maintain our code base.


Access to data

Personally identifiable information (PII) from customer data is not stored in Viable. It is removed before it enters our system.

Access to data, including customer data, is restricted 24 hours a day, 7 days a week to authorized Viable employees only for purposes of conducting their job responsibilities. All Viable employees agree to adhere to confidentiality policies.

Viable does not employ contractors to access, handle, or otherwise manage data. All employee access to customer data is documented.

Secure access to data across applications is enforced across our internal infrastructure, with individual user accounts and SSO where possible.

AES-256 encryption is used to protect data at rest. Secure access via JWT and role-based rules is also applied. HTTPS is applied to data in motion. We ensure that applications and browsers interact with Viable only via HTTPS.

Customer data is stored in a shared database with defined access rules limited on a per-customer basis.

The Viable infrastructure team regularly monitors and logs access to the Viable platform as part of security procedures.

Data deletion requests will be completed within 30 days of request.


Application and endpoint security

Penetration and vulnerability testing

Viable uses NPM as a software package manager to conduct automated dependency vulnerability scans on deployment.

Viable follows CI/CD application development standards.

Code is reviewed by QA-trained engineers. Staging and production environments are maintained separately.

DDoS mitigation and global CDN are in place via Vercel. Viable’s availability is 99.99%.

Starting in 2021, Viable will engage third-party security experts to conduct annual penetration tests across our infrastructure and product surface.

Security incident response

Viable’s engineering teams will prioritize any security incident, and focus on finding a remediation and deploying it immediately. The team is trained and experienced in security incident response best practices.

Audit logs are maintained for all API activity and stored in Logflare.

Privacy compliance

Standard contractual clauses for privacy regulatory compliance are applied. Privacy policy and terms of service are available at https://askviable.com/privacy-policy.


Payments

All payments made to Viable are managed via the payment processing platform Stripe. Payment information is handled directly between clients and Stripe. Payment information is never passed to Viable’s servers.

Viable Team, January 10, 2022