Data Security
& Privacy

Our commitment to protect your data

From the start, we have taken significant measures to protect your personal data on our platform and within our company processes. Below we describe the steps and process we take to ensure the security and privacy of your data.

Data Privacy

GDPR

The General Data Protection Regulation (GDPR) is a comprehensive EU data privacy law states that everyone has a right to protection of their data. Verifiable complies with the guidelines provided under GDPR which are detailed in our GDPR Compliance Policy.

Privacy Shield

The EU-US and Swiss-US Privacy Shield frameworks are a set of guidelines to protect personal data being transferred from the EU and Switzerland to the U.S. Verifiable completed the certification process to become Privacy Shield compliant and is included on the Privacy Shield list of participants viewable here. Further details about how Verifiable is available in our Privacy Policy.

Data Security

End-to-end Encryption

All customer data is encrypted with the latest recommended secure cipher suites and protocols. All data in transit is encrypted using 256-bit SSL. Customer and system data as well as all backups and snapshots are encrypted at rest with 256-bit AES encryption. User communication is done via HTTPS using TLS v1.3 A-grade, which can be verified here.

Compliance

Verifiable is hosted with Amazon Web Services (AWS) which maintains enterprise-grade standards and certifications, including ISO 2700 compliance, PCI Certification, and SOC reports. Further information about AWS compliance is available here.

Data Backups and Retention

Customer data is backed up twice a day and stored in a separate, secure location. This ensure data recoverability in case there is a data center failure by one of our providers. All data backups are encrypted with 256-bit AES encryption.

Proactive Vulnerability Monitoring

We continuously scan dependencies within our product and network for possible vulnerabilities to prevent possible attacks or failures.

Availability

We are committed to continuous uptime for our users and customers. Our systems are protected against server and data center failures, and we have proper measures in place to respond quickly in case of any incidences.

Security Process and Policies

Data protection is addressed throughout our product and organization, from how we implement technology features and restrict data access only to specific team members when necessary. We regularly review and update our processes to ensure continuous improvement with how we secure user data.