How does Vault secure personal data?

We take multiple measures to ensure your data is protected

Tori Reichman avatar
Written by Tori Reichman
Updated over a week ago

Our core mission is to foster trust between companies and their employees, creating inclusive, diverse, and safe work environments. Security and data privacy are fundamental to our mission, and we employ several security measures to protect your data in multiple ways:

  • Data Encryption: When you use our application via a browser or mobile app, we employ Transport Layer Security (TLS) to safeguard your information with server authentication and encryption. All data entered into Vault Platform is protected using Advanced Encryption Standard (AES-256) and a unique encryption key. Until reports are submitted, no one, including Vault, can access the information. Once a report is submitted, only assigned case managers can securely access the data. Access to Vault's infrastructure is highly restricted, monitored, and logged.

  • Compliance Certifications: Vault Platform is ISO 27001 certified, adhering to industry standards for information security management. We conduct regular security audits, vulnerability scans, external penetration testing, and automated monitoring, and provide security training to our staff. We stay abreast of evolving standards and legislation to ensure compliance with leading industry security requirements.

  • Secure Hosting Infrastructure: Our servers are located within the European Union and the United Kingdom, housed in AWS (Amazon Web Services) data centers with ISO 27001, SOC 1, and SOC 2 certifications. Customer data is redundantly stored in our hosting provider's data centers for reliability. We maintain a robust business continuity program with regular backup and restoration procedures.

  • Application Security: Vault Platform maintains an internal security threat model and conducts external penetration testing regularly to fortify application security. Our engineers undergo regular training in secure coding practices, covering key OWASP security risks, common attacks, and security control best practices. We subject code and configuration changes to thorough reviews and quality assurance testing before deployment to ensure a consistent experience across supported devices and platforms.

If you have any additional questions on how we protect your data, please contact our Technical Support team.

Did this answer your question?