Security

Why is Corvisio Secure?

Ensuring the privacy and security of your data is a top priority for us. You can rest easy, knowing that we take every precaution to provide a service with high-grade security.

256 Bit SSL

Regardless of your plan, all your forms are served over a protected 256-bit SSL (Secure Sockets Layer) connection that uses a SHA-256 certificate. This is the same level of protection used by online banking or e-commerce providers.

PCI COMPLIANCE

We are a company with PCI DSS Service Provider Level I compliance, the highest security attainment you can have as a business that collects payments from, and integrates with, credit cards.

GDPR COMPLIANCE

Corvisio is fully compliant with the European Union’s General Data Protection Regulation (GDPR), the data protection law taking effect on May 25, 2018. This applies to any business that collects data in or from Europe.

BACK UP YOUR DATA

You can back up your data with a single click from the “Data” tab in your account settings. When you trigger a backup operation, we start preparing a single ZIP file that contains data, text, photographs, videos, audio clips, written posts and comments, software, scripts, graphics, and interactive features generated. These backups can either be downloaded or stored in our database.

What Measures Do We Take To Protect Your Data?

Data Centers

Corvisio servers are co-located in a cloud-based architecture with Google Cloud, Amazon Web Services (AWS) and Heroku Web Services. AWS data centers are located both Virginia (US).
Google Cloud servers host our redundant application and data servers in an active-active configuration, and all data is also replicated continuously to AWS servers. This provides platform-level redundancy in addition to the redundancy obtained from multiple servers within a single platform. If we need to switch from the primary platform (Google Cloud) to the secondary platform (AWS), this architecture lets us make the switch easily and quickly.
Hosting Corvisio on these major cloud platforms also gives us the benefit of their security best practices in areas such as hardware lifecycle management, physical security and network infrastructure. Our servers are constantly updated and patched.

Encouraging Best Coding Practices

In addition to implementing features that increase security, we maintain best practices on the backend to ensure your account remains secure. We monitor sessions to restrict access to your account appropriately, and have built Corvisio so that every account is isolated.
We have put safeguards in place to detect common attacks, such as SQL injection and cross-site scripting. Most importantly, we actively review our code for potential security concerns (in addition to evaluating all user feedback) so that we can address any issues if they arise. Our privacy statement speaks to our level of commitment to ensuring your data is not misused.

Security Audits

PCI scans are performed regularly to detect vulnerabilities in the publicly available interfaces. Each quarter, internal and external ASV (Approved Scanning Vendor) tests are performed for PCI. In addition to these PCI scans, penetration tests are performed periodically for Corvisio.
We also have a Bug Bounty program where we pay outside parties for reporting vulnerabilities, which ensures that we are the first to know about them. We fix all issues reported to our bug bounty program with the highest priority and in the shortest time.

Network Security

We have an outside routing layer provided by Cloudflare that provides basic filtering to handle and manage any potential DDoS (distributed denial of service) attacks. Security scans are performed periodically as described in the audits/VA/PT chapter. Our servers are configured to allow only the absolute minimum level of access needed to maintain them.
All unnecessary users, protocols, and ports are disabled and monitored. Our employees are able to access the servers only through a Virtual Private Network using a 2048-bit encrypted connection with private keys. In addition to third-party security services, our experienced development operations team continuously monitors the entire system for suspicious behavior.

Account Security

Forms are linked only to your account, and account information is transferred only in encrypted format.