Security

At Verix, the security of your data is our highest priority

Protecting your data and the data of your customers is extremely important to us. We know you have questions about how we’re protecting that information, so what follows are details about some frequently requested information about Verix’s security.

Application Security

Verix scans our applications for vulnerabilities using static source code analysis, package dependency security scans, and dynamic testing.

Verix employees run a rigorous software development process with thorough security code reviews and quality assurance processes to ensure vulnerabilities are not introduced.

Organizational Security

Verix vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.

Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.

Verix maintains separate production and testing environments. Verix operates a bug bounty program to work with the security community in identifying potential issues.

Product Security

Verix's product requires a user to go through three levels of identity verification - personal, financial, and mobile.

Verix adheres to a strict data retention policy to minimize the security risk of a user's data being exposed or misused.

Network & System Security

When you use Verix, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. At rest, Verix encrypts data using AES-256.

Verix's servers are located in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Verix’s data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.

We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.

Privacy

You can view our privacy policy here. The confidentiality of your information is paramount to us. We never resell your data and we have strict data retention policies we follow.

How to Report an Issue

We operate a bug bounty program through HackerOne. If you think that you have found a security issue, please submit a report to us through our HackerOne campaign for a bounty, or contact us at security@verix.co. We take all reports seriously, please do not publicly disclose the issue until we've addressed it.