Data Security

How Viable handles and secures data


Tools we use


Access to data


Application and endpoint security


Payments

How Viable handles and secures data

Viable adheres to best practice standards for ingesting, handling and protecting data as well as responding to vulnerabilities or incidents. Our goal is to ensure a high level of security for our customer data as well as our own.


Tools we use

PostgreSQL, with AES-256 at rest encryption.

Hasura is what we use to translate data from database into API.

Vercel is the tool we use for deployment automation and application hosting.

A backend search engine is where we store our indexes of ingested data.

NPM is for application dependency management and dependency vulnerability scanning.

Github is where we maintain our code base.


Access to data

Personally identifiable information (PII) from customer data is not stored in Viable. It is removed before it enters our system.

Access to data, including customer data, is restricted 24 hours a day, 7 days a week to authorized Viable employees only for purposes of conducting their job responsibilities. All Viable employees agree to adhere to confidentiality policies.

Viable does not employ contractors to access, handle, or otherwise manage data. All employee access to customer data is documented.

Secure access to data across applications is enforced across our internal infrastructure, with individual user accounts and SSO where possible.

AES-256 encryption is used to protect data-at-rest. Secure access via JWT and role-based rules are also applied. HTTPS is applied to data in motion. We ensure that applications and browsers interact with Viable only via HTTPS.

Customer data is stored in a shared database with defined access rules limited on a per-customer basis.

The Viable infrastructure team conducts regular monitors and logs access to the Viable platform as part of security procedures.

Data deletion requests will be completed within 30 days of request.


Application and endpoint security

Penetration and vulnerability testing

Viable uses NPM as a software package manager to conduct automated dependency vulnerability scans on deployment.

Viable follows CI/CD application development standards.

Code is reviewed by QA-trained engineers. Staging and production environments are maintained separately. 

DDoS mitigation and global CDN are in place via Vercel. Viable’s availability is 99.99%.
Starting in 2021, Viable will engage third-party security experts to conduct annual penetration tests across our infrastructure and product surface.

Security incident response

Viable’s engineering teams will prioritize any security incident, and focus on finding a remediation and deploying it immediately. The team is trained and experienced in security incident response best practices.

Audit logs are maintained for all API activity and stored in Logflare.

Privacy compliance

Standard contractual clauses for privacy regulatory compliance are applied. Privacy policy and terms of service are available at https://askviable.com/privacy-policy. 


Payments

All payments made to Viable are managed via payment processing platform Stripe. Payment information is handled directly between clients and Stripe. Payment information is never passed to Viable’s servers.


Viable Team

Viable Team

Staff

Last Updated: 03/31/21

Related walkthroughs

Typeform Zap for Viable

You can analyze customer feedback collected via Typeform by connecting Typeform to Viable via Zapier. Under Set up action choose the fields you want to analyze. We recommend you set up a separate Zap for each free text question/response. (We do not recommend setting up a Zap for multiple choice or …

Viable Team

Viable Team

Staff

Twitter Zap for Viable

You can analyze customer feedback from tweets by connecting Twitter to Viable via Zapier. Under Set up action choose the fields you want to analyze: You should be ready to turn on the Zap.

Viable Team

Viable Team

Staff

TrustRadius Zap for Viable

You can analyze reviews from TrustRadius by connecting TrustRadius to Viable via Zapier. Under Set up action choose the fields you want to analyze: You should be ready to turn on the Zap.

Viable Team

Viable Team

Staff