Viable adheres to best practice standards for ingesting, handling and protecting data as well as responding to vulnerabilities or incidents. Our goal is to ensure a high level of security for our customer data as well as our own.
PostgreSQL, with AES-256 at rest encryption.
Hasura is what we use to translate data from database into API.
Vercel is the tool we use for deployment automation and application hosting.
A backend search engine is where we store our indexes of ingested data.
NPM is for application dependency management and dependency vulnerability scanning.
Github is where we maintain our code base.
Personally identifiable information (PII) from customer data is not stored in Viable. It is removed before it enters our system.
Access to data, including customer data, is restricted 24 hours a day, 7 days a week to authorized Viable employees only for purposes of conducting their job responsibilities. All Viable employees agree to adhere to confidentiality policies.
Viable does not employ contractors to access, handle, or otherwise manage data. All employee access to customer data is documented.
Secure access to data across applications is enforced across our internal infrastructure, with individual user accounts and SSO where possible.
AES-256 encryption is used to protect data-at-rest. Secure access via JWT and role-based rules are also applied. HTTPS is applied to data in motion. We ensure that applications and browsers interact with Viable only via HTTPS.
Customer data is stored in a shared database with defined access rules limited on a per-customer basis.
The Viable infrastructure team conducts regular monitors and logs access to the Viable platform as part of security procedures.
Data deletion requests will be completed within 30 days of request.
Penetration and vulnerability testing
Viable uses NPM as a software package manager to conduct automated dependency vulnerability scans on deployment.
Viable follows CI/CD application development standards.
Code is reviewed by QA-trained engineers. Staging and production environments are maintained separately.
DDoS mitigation and global CDN are in place via Vercel. Viable’s availability is 99.99%.
Starting in 2021, Viable will engage third-party security experts to conduct annual penetration tests across our infrastructure and product surface.
Security incident response
Viable’s engineering teams will prioritize any security incident, and focus on finding a remediation and deploying it immediately. The team is trained and experienced in security incident response best practices.
Audit logs are maintained for all API activity and stored in Logflare.
All payments made to Viable are managed via payment processing platform Stripe. Payment information is handled directly between clients and Stripe. Payment information is never passed to Viable’s servers.
Last Updated: 03/31/21
Typeform Zap for Viable
You can analyze customer feedback collected via Typeform by connecting Typeform to Viable via Zapier. Under Set up action choose the fields you want to analyze. We recommend you set up a separate Zap for each free text question/response. (We do not recommend setting up a Zap for multiple choice or …
Twitter Zap for Viable
You can analyze customer feedback from tweets by connecting Twitter to Viable via Zapier. Under Set up action choose the fields you want to analyze: You should be ready to turn on the Zap.
TrustRadius Zap for Viable
You can analyze reviews from TrustRadius by connecting TrustRadius to Viable via Zapier. Under Set up action choose the fields you want to analyze: You should be ready to turn on the Zap.