Trust and Security
At RocketVisor, we believe that the cornerstone of trust is security. We work tirelessly to maintain that trust with our world-class systems and processes. As such, we have put in place the following procedures to safeguard your data and allow your company to fulfill it’s duty to your customers:
Best Practices: Protocols & Policies
- Full review of major initiatives by RocketVisor Security Council (“RVSC”) for threat assessment and security evaluation
- Quarterly internal audit of systems and processes by RVSC for security vulnerabilities and best practices
- Notification of known breaches to appropriate parties within 24 hours
Monitoring & Logging
Our operations team constantly monitors the health and security of our servers.
- Daily monitoring of system health and scanning of security vulnerabilities, both manual and automated
- Detailed access logs of every data transfer for monitoring and audit, and automated alerts around anomalous or root access
- Quarterly review of security monitoring procedures by RVSC
Data Transfer & Networking
How our data travels: Encryption. Always.
- Industry standard SSL encrypted communication for authentication and data communication with all servers
- Minimal data transfer by optimizing local data storage on customers’ machines
- Virtual Private Cloud configuration creates firewalls around our systems
Data Storage, Access & Protections
Who has access and what they see.
- We limit access to all systems and data on an as-needed basis
- All employees and contractors undergo strict vetting and are obligated not to disclose any customer data they may come into contact with
- Tight access controls and permissions, quarterly review by RVSC
- Broad system-level permissions hierarchy, and granular data-level authorization tagging built-in
- All customer data stored in an encrypted data warehouse with anonymous key relationships
- All analytic data stored in an encrypted data warehouse without any personally identifiable information
Data Backups & Disaster Recovery
Data loss is not an option.
- Customer data is 100% backed up to online replicas
- Our operations team monitors platform and application behavior for anomaly detection
- All services are configured in automatic scaling groups that scale up to meet peak demand
- We will proactively notify you of any customer-impacting situation
RocketVisor currently complies fully with the EU and EEA laws regarding transfer of data subject information to a data processor.
- Customers maintain full ownership of their data, which can be exported in its entirety upon request during your contract and for 60 days following.
- Our primary data sub-processors, e.g. Amazon Web Services, maintain industry-leading security standards (where possible, SOC2 and/or ISO 27001 certifications) and undergo periodic vendor reviews.
- Sensitive customer data is encrypted at rest and when traversing over public networks.
Last Updated on October 18, 2018