Last updated: 14 October 2022
We at Vistaly believe that security is a critical part of our platform. On this page, we include some best practices for how you can most securely use Vistaly. We also outline what we're doing to keep your data safe. Feel free to reach out with any questions to firstname.lastname@example.org.
When using Vistaly, there are things you can do within our platform to improve security:
Vistaly supports single sign-on (SSO) via Google. Additionally, it supports self-registration with two-factor authentication (2FA / MFA) via time-based one-time passwords (TOTP). By utilizing these controls, it decreases the likelihood of a user's account being compromised.
All of Vistaly's services are in the cloud. This allows the Vistaly team to iterate quickly on features while ensuring enterprise-level security.
All core services run on Amazon Web Services (AWS) within U.S. based regions. AWS is an industry leader in security best practices. They are SOC 1, 2, and 3 compliant. They additionally have ISO certifications for ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 22301:2019, 9001:2015, and CSA STAR CCM v3.0.1. You can find additional information here.
Vistaly aims for 99.9% uptime or higher for its services. You can view Vistaly's current status along with system updates at status.vistaly.com.
All Vistaly data is encrypted at rest and in transit. Data is backed up and encrypted following a daily, weekly, and monthly 7 year retention policy.
From within Vistaly, we version customer's data so that they can view historical data and revert to an earlier version if needed.
Vistaly does not handle any payment information. All payments are processed by Stripe, a PCI Service Provider Level 1. You can read more information here.
All Vistaly employees must agree to management approved policies. These policies include, but are not limited to:
Vistaly uses Git (a version control system) to manage all code for the Vistaly platform. All code is reviewed by at least two engineers before it is merged into the main branch. Additionally, automated unit tests, and code quality checks must pass. In order to promote code to production, a suite of integration tests, and end to end tests must also pass.
Vistaly utilizes Dependabot to monitor vulnerabilities in project dependencies and keep them up to date. For more information visit here.
While utilizing Vistaly, if you encounter a vulnerability, please send an email to email@example.com with details of your finding. The Vistaly team will promptly respond to all reports.