Trust

Security

At vucavoid, protecting your data is our foremost commitment. Utilizing state-of-the-art technology and strict privacy policies, we ensure your information stays secure and private.

At vucavoid, we strive to make your compliance life easier. We understand that effective compliance management goes hand-in-hand with security. We recognize the sensitive nature of the information you entrust us with, and we treat the security of your confidential data with utmost priority.

Our platform is designed with an enterprise-grade security framework that envelops our infrastructure, applications, and endpoints. But our commitment to security doesn't stop there. We also maintain rigorous security protocols within our internal processes to ensure an extra layer of safety.

Security and compliance form the bedrock of our operations. They're not just features of our product; they define who we are as a company. We're committed to providing you with a robust, reliable solution that simplifies compliance management, without ever compromising on security. Your peace of mind is our success metric at vucavoid.

Compliance

At vucavoid, we diligently adhere to all applicable norms and standards to ensure the utmost security and protection of your data. Our payment processor, Paddle, is a certified Level 1 Service Provider. Sensitive payment information remains inaccessible to us. Additionally, vucavoid is fully compliant with both CCPA and GDPR regulations, demonstrating our commitment to safeguarding your privacy.

Application Security

At vucavoid, our foundation is built on the robust and reliable infrastructure provided by Hetzner, a leading Germany-based cloud hosting company renowned for its exceptional security standards. By partnering with such a top-tier provider, we are perfectly positioned to deliver our compliance management SaaS, ensuring the utmost protection and privacy for your sensitive data.

Hosting

Our hosting exclusively occurs within Germany, adhering to European Union standards, through our esteemed service provider, Hetzner. We invite you to review Hetzner's security documentation on their physical security measures, which showcases their commitment to providing the highest level of protection for your data in Germany. This implies that all of your data is physically stored within Germany.

Encryption

Every interaction between vucavoid users and our web application is safeguarded through encryption-in-transit using TLS, ensuring secure communication while utilizing the platform. This level of security also extends to any maintenance activities carried out by our dedicated staff.

Access to data

At vucavoid, we prioritize your privacy by adopting a restrictive data access policy. By default, we do not permit our team members or any associated third parties to access client data. Exceptions are made only upon explicit client requests for support or troubleshooting, and even then, access is strictly limited to authorized personnel who have undergone vetting procedures.

During automated scans, temporary technical access is granted to client data. However, rest assured that these scans are entirely mechanized - no human intervention, including viewing or copying of data, occurs during this process. The sole objective of these scans is to uphold the highest level of security in our application and infrastructure landscape.

Importantly, we want to emphasize that ownership of the data you upload to vucavoid always remains with you, the client. We process such data strictly in compliance with GDPR and CCPA regulations.

Data Retention

We retain your data for the duration of your contractual relationship with vucavoid. Once the contract concludes, all client data is deleted, except where laws mandate longer retention periods (e.g., accounting records).

In line with our commitment to data availability and integrity, we back up vucavoid at least daily. Due to technical requirements, these backups are retained for 60 days. This means that after the contract period has expired, client data may still exist within backup data for up to 61 days.

Individual users have the right to ask their application admin to anonymize their account, which renders the account unusable.

Please note, all deletion actions in vucavoid are irreversible, emphasizing our commitment to your privacy and data security.

Third-party sub-processors

We employ the following third-party processors:

| Provider | Reason | Country | Site | Access to client data |
| --- | --- | --- | --- | --- |
| Forge, Laravel LLC | Deployment, Scripts | USA | https://forge.laravel.com/ | No |
| AWS | Mail service | USA | https://aws.amazon.com/ | Technically to mails sent by the application |
| Hetzner | Hosting, Housing | Germany | https://www.hetzner.com/ | Technically yes, no access allowed |
| Oh Dear | Monitoring | Belgium | https://ohdear.app/ | No |
| ProView | Development | Netherlands | - | No per default, only in case of relevant debugging |

Infrastructure availability

Our infrastructure is hosted with top-class data center operators, namely Hetzner, in Germany. Among others, Hetzner provides the following availability measures:

  • Uninterruptible power supplies (N+1 redundant UPS)
  • 2.5 MVA diesel generator
  • Power supply via two separate power paths from the substation to the low-voltage distribution

All Hetzner data center parks are connected to our backbone via redundant dark fiber connections. This ensures the availability of a data center if one of the connections fails. The n*100 Gbit/s connections provide ample bandwidth between the data centers.

More information can be found here as well as here.

Internal security measures

Personnel Security

All team members undergo background checks and must acknowledge our security policy while signing a confidentiality agreement.

Identity and Access Management

Unique logins are assigned to employees for all crucial systems, with two-factor authentication implemented whenever possible. We regularly audit access permissions and adhere to the principle of least privilege.

Hardware Security

Employee laptops are managed, equipped with encrypted hard drives, and protected by anti-malware software.

Network Security

Our internal network is secured with restricted access, segmentation, password protection, logical safeguards, traffic inspection (including IPS), and carefully reviewed external and internal firewall rules. We do not allow for remote access to our office networks.

Security Education

At vucavoid, we believe that a well-informed team is the first line of defense against potential security threats. To foster this awareness, we provide continuous security education throughout the year. Within their first two weeks, new hires attend comprehensive training sessions designed to help them identify and respond to potential threats, such as social engineering and phishing attempts.

Furthermore, employees and contractors responsible for coding are required to complete secure code training courses. This ensures the use of best practices in the creation of secure, reliable software.

Keeping abreast of the evolving threat landscape, vucavoid actively participates in several relevant security networks. This knowledge is regularly communicated internally, ensuring that our defense strategies adapt and stay at the forefront.

Application Security

Every new feature or bug fix in vucavoid undergoes rigorous review and testing phases before deployment. This thorough vetting process ensures that our updates enhance the platform's functionality without compromising security.

Vendor Security

We adopt a risk-tiered approach when evaluating our vendors' security measures. The tiering is determined based on factors such as the vendor's role, the level and duration of data access, the degree of network integration, and the vendor's overall security maturity. This comprehensive assessment enables us to uphold our commitment to data security across all aspects of vucavoid's operation.

Responsible disclosure

If you believe you have discovered a vulnerability within vucavoid's application, please submit a report to us by emailing vulnerability@vucavoid.com.

vucavoid does not participate in a public bug bounty program at this time, nor do we provide monetary rewards for publicly reported findings.

If you believe your account has been compromised or you are seeing suspicious activity on your account, please report it using our support contact form.

At vucavoid, we place the utmost importance on the security of user data and communication. We encourage and appreciate responsible disclosure of any discovered vulnerabilities within our service.

Adhering to responsible disclosure principles involves:

  1. Accessing or exposing only your individual client data.
  2. Abstaining from extracting information from our infrastructure, including source code, data backups, or configuration files.
  3. Promptly reporting any findings of remote access to our system, while refraining from accessing additional servers or elevating privileges.
  4. Avoiding any scanning techniques that may compromise the service experience for other customers, including excessive use of contact forms or support emails.
  5. Complying with the guidelines outlined in our Terms of Service.
  6. Maintaining confidentiality of vulnerability details until vucavoid has been notified and granted a reasonable time period to address the issue.

Cookie Use on Our Site

To ensure the smooth functioning of our website, we use a limited number of cookies. These cookies are essential for providing you with the services available on our website and to use some of its features. Here is a brief overview:
  • vucavoid_session: This cookie is essential for user authentication. It ensures that your session is secure and recognizes you as you navigate through our site.
  • XSRF-TOKEN: This cookie is critical for website security. It helps protect against cross-site request forgery attacks.
  • latest_marketing_banner_visible_{MARKETING_BANNER_ID}: This cookie simply remembers if you have seen our latest site banner, enhancing your browsing experience without tracking your personal data.

These cookies are strictly necessary to deliver the website, and therefore, we do not require your consent to place these cookies. For more information, please visit our Privacy Policy.