Data Security

How Viable handles and secures data


Tools we use


Access to data


Application and endpoint security


Payments

How Viable handles and secures data

Viable adheres to best practice standards for ingesting, handling and protecting data as well as responding to vulnerabilities or incidents. Our goal is to ensure a high level of security for our customer data as well as our own.


Tools we use

PostgreSQL, with AES-256 at rest encryption.

Hasura is what we use to translate data from database into API.

Vercel is the tool we use for deployment automation and application hosting.

A backend search engine is where we store our indexes of ingested data.

NPM is for application dependency management and dependency vulnerability scanning.

Github is where we maintain our code base.


Access to data

Personally identifiable information (PII) from customer data is not stored in Viable. It is removed before it enters our system.

Access to data, including customer data, is restricted 24 hours a day, 7 days a week to authorized Viable employees only for purposes of conducting their job responsibilities. All Viable employees agree to adhere to confidentiality policies.

Viable does not employ contractors to access, handle, or otherwise manage data. All employee access to customer data is documented.

Secure access to data across applications is enforced across our internal infrastructure, with individual user accounts and SSO where possible.

AES-256 encryption is used to protect data-at-rest. Secure access via JWT and role-based rules are also applied. HTTPS is applied to data in motion. We ensure that applications and browsers interact with Viable only via HTTPS.

Customer data is stored in a shared database with defined access rules limited on a per-customer basis.

The Viable infrastructure team conducts regular monitors and logs access to the Viable platform as part of security procedures.

Data deletion requests will be completed within 30 days of request.


Application and endpoint security

Penetration and vulnerability testing

Viable uses NPM as a software package manager to conduct automated dependency vulnerability scans on deployment.

Viable follows CI/CD application development standards.

Code is reviewed by QA-trained engineers. Staging and production environments are maintained separately. 

DDoS mitigation and global CDN are in place via Vercel. Viable’s availability is 99.99%.
Starting in 2021, Viable will engage third-party security experts to conduct annual penetration tests across our infrastructure and product surface.

Security incident response

Viable’s engineering teams will prioritize any security incident, and focus on finding a remediation and deploying it immediately. The team is trained and experienced in security incident response best practices.

Audit logs are maintained for all API activity and stored in Logflare.

Privacy compliance

Standard contractual clauses for privacy regulatory compliance are applied. Privacy policy and terms of service are available at https://askviable.com/privacy-policy. 


Payments

All payments made to Viable are managed via payment processing platform Stripe. Payment information is handled directly between clients and Stripe. Payment information is never passed to Viable’s servers.


Viable Team

Viable Team

Staff

Last Updated: 03/31/21

Related walkthroughs

Appbot Zap for Viable

You can instantly analyze user reviews posted via Appbot by sending those reviews to Viable through Zapier. Choose Appbot as the trigger >> app event Then choose New Review as the trigger event Click Continue and then click to sign in to your Appbot account Under Set up trigger , select the …

Viable Team

Viable Team

Staff

How we handle customer feedback data

At Viable, we save you time and effort by automating the manual and time-consuming tasks of tagging and structuring qualitative customer feedback for analysis. We do this by connecting to popular data sources such as helpdesk platforms, survey tools, product review apps, and spreadsheets. Synching …

Viable Team

Viable Team

Staff

Formatting CSV files to speed up ingestion into Viable

A lot of customer text data you want to analyze comes in CSV format. Free form responses in NPS, CSAT, and in-app surveys, as well as product reviews are some examples. CSV documents, however, don’t all come formatted in the same way. To speed up CSV data ingestion so you can start asking questions …

Viable Team

Viable Team

Staff