Vestd uses Amazon Web Services (AWS) to host the Vestd app and store customer data.
Information on AWS’s own data security compliance can be found on AWS Compliance.
The Vestd app runs in a private network, and access is strictly controlled: only a few select engineers have audited access to production data. Engineer access to the AWS system is through a TLS-encrypted connection using two-factor authentication.
Client application connection
The Vestd app is only available over a secure connection with strict transport security (HSTS), and we continually review the available protocols to ensure this is kept as secure as possible.
Staff access to the Vestd app is controlled through non-optional two-factor authentication.
Staff are educated in the use of strong and unique passwords. All staff computer equipment used to access Vestd data has secure login access and is encrypted at rest.
Logins to Vestd are unique to individuals and should never be shared with anyone. Two-factor authentication is available to all users.
Passwords are hashed with the bcrypt hashing function and are never stored directly.
Audit logging captures all activity in the app, allowing authorised members of staff to review actions that were carried out and identify changes.
Files uploaded to the Vestd app are stored encrypted at rest in the AWS Simple Storage Service. Access to these files runs through the Vestd app and its security controls, which ensure only people with the correct access can see them.
Other data uploaded to the Vestd app is stored in a database with strong access controls and encryption at rest. Data is also encrypted as it is transferred from the app servers to the database. Particularly sensitive details such as dates of birth are encrypted by the app, using its encryption key and the AES-256 standard, before being sent to the database.
Data is regularly backed up and stored with the same security standards as all other customer data.
All changes to the main Vestd app are reviewed by another engineer and are automatically tested to ensure coding and security standards are maintained.