Protecting your data and the data of your customers is extremely important to us. We know you have questions about how we’re protecting that information, so what follows are details about some frequently requested information about Verix’s security.
Verix scans our applications for vulnerabilities using static source code analysis, package dependency security scans, dynamic testing, and external penetration tests.
Verix employees run a rigorous software development process with thorough security code reviews and quality assurance processes to ensure vulnerabilities are not introduced.
Verix vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.
Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.
Verix maintains separate production and testing environments. Verix operates a bug bounty program to work with the security community in identifying potential issues.
Verix's product requires a user to go through three levels of identity verification - personal, financial, and mobile.
Verix adheres to a strict data retention policy to minimize the security risk of a user's data being exposed or misused.
When you use Verix, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. At rest, Verix encrypts data using AES-256.
Verix's servers are located in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Verix’s data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.
We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.
We operate a bug bounty program through HackerOne. If you think that you have found a security issue, please submit a report to us through our HackerOne campaign for a bounty, or contact us at firstname.lastname@example.org. We take all reports seriously, please do not publicly disclose the issue until we've addressed it.