Security at Vainu

 

We understand the utmost importance of keeping your data safe and protected. That is why security is a top priority and evaluated in everything we do at Vainu. We continuously seek the best practices in both technical solutions and processes to ensure that your data is safe with us.

Why does Vainu need your data?

The data is collected to provide you with a well-functioning, valuable service, e.g. to authenticate you, to send you sales signals that relate to companies of interest to you, to enable searching for companies based on your CRM data, and to revert changes.

Your data is never disclosed to other Vainu users, nor is it used in generating sales signals or contact databases. Vainu strives to understand its users deeply in order to deliver the most useful features and products and, in the end, the most valuable service. During this learning process, various kinds of information are analyzed to detect relevant usage patterns and trends. Should Vainu process customer-related data in this process, it will always be done in an aggregated, anonymized way.

What kind of data is collected?

Vainu displays or stores only the customer information that is required to provide you with the best possible service. As few of these data points as possible are collected, and only when a useful feature genuinely needs them. The data mostly consists of structured data about companies and sales opportunities. Descriptions of the specific data points collected and their use cases are available upon request from support@vainu.io.

Recovery

Backups

Providing data is at the core of Vainu, so data availability is taken very seriously. Vendors of business-critical systems are selected carefully to allow maximum availability. An uptime SLA of 99.99% is required. To avoid any data loss, backups are taken automatically, either in real time (customer-related data), where data is mirrored to multiple database servers, or at specific, appropriate intervals (non-customer-related data).

The process of restoring data from backups is tested regularly.

Disaster Recovery Plan

To prevent service interruptions, our business-critical hosting providers (AWS, MongoDB Atlas) are required to have the capability to deal with foreseeable risks, such as power outages, theft, and fire. The providers' services are available in multiple regions around the globe, which gives high resilience against local interruptions. Vainu is also prepared for unlikely events with a comprehensive recovery plan. Its main purpose is to minimize service interruptions and ensure the continuous development of the service.

Application Security

Authentication

To access your data, every user must have either a federated identity from your organization's identity provider or a unique, valid username/password combination. Your account superuser has visibility and control over these users.

Vainu’s application server does not return customer data to any API call without authentication and authorization.

Network Security

Whenever data is transferred over the network, it is always sent over secure HTTPS connections, where information is encrypted by Secure Sockets Layer (SSL). Vainu supports only TLS 1.2 (and above) protocols for requests to its API.

All the application servers and database servers are protected with encryption, network isolation and firewalls. All services are hosted within the EU area.

Data Security

All customer-related data is stored in as anonymized a form as possible without losing the ability to provide the service. Thus, it is impossible to form an understandable or useful dataset without a wide understanding of the system, or with access to only a specific database.

Servers are hosted by industry-standard providers (AWS and MongoDB Atlas hosted by AWS) that must comply with industry-standard assurance programs on information security (e.g. SOC 2 and ISO 27001). This means that the servers run in a physically secured environment and are maintained by security-aware people. All the database servers that handle your data are security-hardened and encrypted.

Vulnerability checks – as well as anti-virus and malware checks – are performed automatically to avoid intrusions. These detectors are updated automatically by AWS. Furthermore, regular vulnerability audits are performed by third parties to ensure a high level of security.

People & Processes

Access

Since all software development for the applications and data processing is done by Vainu, not by external contractors, the only parties that have anything to do with your data are Vainu and its hosting providers. The hosting partners (AWS and MongoDB Atlas hosted by AWS) are carefully selected industry-standard providers that must comply with strict information security standards (ISO 27001, ISO 27017, ISO 27018, SOC).

Access to your data is limited strictly to people who have a clear reason to process it: to resolve your issues or to provide you with a better service. The principle of least privilege is applied across the team and access rights are reviewed on a regular basis.

Everyday Security

Vainu has a comprehensive information security policy that is approved by upper management and reviewed on a regular basis. The fundamentals of strong information security are communicated and documented internally and are also required by contracts.

Every piece of software is reviewed, partly automatically and partly by peers, against our policies and best practices.

If you want to submit a vulnerability report, feel free to send it to security@vainu.io.