VisibleThread Cloud Security Statement
Note: This article applies to VisibleThread cloud hosted solutions. VisibleThread products are also available as on-premise solutions. For more details on deployment options see here: https://support.visiblethread.com/hc/en-us/articles/214225686
VisibleThread (VT) is committed to protecting your information. We take the measures outlined below to ensure the privacy of your data for our products including; ‘VT Docs’, ‘VT Web’, 'VT Readability' and 'VT Insights'. The rest of this document covers security elements for these product lines.
This policy applies to the following VisibleThread products:
- VT Docs - on demand
- VT Web - on demand
- VT Readability - on demand
- VT Insights - on demand
Data Center Security
The VisibleThread cloud servers are hosted by Rackspace (NYSE) www.rackspace.com. These servers are located in the continental USA. Rackspace have been awarded the ISO 27001, PCI-DSS , ISAE 3402, SSAE16 Type II SOC1, SOC2 and SOC3 certifications. They provide comprehensive physical and operational security procedures to secure access to our servers.
All communication between the user and the VisibleThread cloud server is encrypted over SSL/HTTPS. Any attempt to connect over HTTP is redirected to HTTPS.
Your VisibleThread password is protected by encryption. Once a user has successfully authenticated with the server, a secure cookie is used to identify that user for the lifetime of the session.
All customer data on our cloud servers is treated as confidential. Each account or sandbox on the VisibleThread servers operates in isolation. Your data is private to you and other users in your sandbox. No data, or user credentials are shared between sandboxes.
Data Submitted for Analysis
Subscribers to our products may upload documents or specify webpages for analysis. Or they may use our Services to analyze plain text.
If Subscribers upload documents or text that contains personal information, then Subscribers are solely responsible for the correct handling of that personal information.
We will not share, sell or exchange any data submitted for analysis to any 3rd party. To avoid doubt, this includes any documents, web pages or text that you upload.
Our internal technical support team may occasionally review this data. But only with the express purpose of resolving customer issues or to diagnose potential product issues.
The VisibleThread cloud servers operate behind a firewall designed to prevent unwanted intrusion.
Console access to the servers is restricted via IP and secure certificates.
All VisibleThread cloud servers are actively scanned with up to date anti-virus scanners.
Our cloud servers are backed up on a daily basis. Backups are transferred offsite over secure SSH.
Secure Development Best Practices
The VisibleThread application development teams follows many OWASP (https://www.owasp.org ) secure coding guidelines and run regular Vulnerability and Intrusion Detection Scans on the VisibleThread test servers.