Security

Trusting your organization's data with Vintri Technologies is an important decision, and we take that responsibility very seriously.

How does Vintri Technologies protect data?

  • User credentials are securely stored with our identity partners, Azure and Auth0. They are not reversible (hashed and salted).

  • All your data is encrypted in transfer and at rest.

  • Admin users can control employee data access via roles & permissions.

  • Customer support tasks are restricted to trained personnel.

  • Our service organizational controls (SOC) team continuously reviews and enforces our SOC policies.


Where and how is the data stored?

All customer data is stored in highly secure Azure data centers. These centers are ISO 27001 and SOC2 certified. The Azure data centers and network architecture are built to meet the requirements of the most security-sensitive organizations. Vintri’s Azure instances and data are located in the USA.

Who can access the data?

You, your employees, contractors, and suppliers have access to your data, based on the roles, project permissions, and attribute level data permissions you set for each user. Each user must login to view any information. You can control who has access and what level of access is given to any employee, contractor, or supplier.

Our customer support staff will only access your data with your permission and at your request. Only employees who are trained and authorized can access the data.

Is the data backed up?

Yes, all customer data is securely backed up and encrypted.

Application development

Our Secure Software Development Life Cycle ensures that we use secure coding practices, static code assessments, senior level code reviews, and dynamic application testing to find exploits prior to any deployments to production.

We test our systems against the OWASP Top 10 standard at minimum to ensure code, configuration and architecture level security.

Application security monitoring

  • We use technologies to monitor exceptions, logs, and detect anomalies in our applications.

  • We collect and store logs to provide an audit trail of our application & activity.

How you can do your part

It is also important for you to guard against unauthorized access to your organization’s data by maintaining strong passwords and protecting against the unauthorized use of your own computer or device. Remember: you can control the safety of your password.

Here are some important things to keep in mind:

  • We will never ask you to disclose your password to us or anyone else, and you should not share it with anyone.

  • We recommend that your users change their passwords periodically.

  • A strong password contains a mix of numbers, letters, and symbols and is only used for one account.

  • Always log out when you use a computer you share with other people.