Vestd uses Amazon Web Services (AWS) to host the Vestd app and store customer data in Ireland (eu-west-1).
The Vestd app runs inside a Virtual Private Cloud with strict access controls to ensure only the right traffic reaches our network.
Failures & Disaster Recovery
The services that make up the Vestd app run across two availability zones (data centres). This means that if there is a failure in one location, the application will continue to run.
Data moving in and out of the app is encrypted with 256-bit encryption, and strict transport security (HSTS) is enabled. We also continually review the available protocols to ensure this is kept as secure as possible.
Permissions and Access
Engineer access to the AWS system is through a TLS-encrypted connection using 2-factor authentication.
Information on AWS’s own data security compliance can be found on AWS Compliance.
Access to underlying data is strictly controlled, with only a few select engineers having audited access.
Logins to Vestd are unique to individuals and should never be shared with anyone. Two-factor authentication is available to all users.
Passwords are hashed with the bcrypt hashing function and never stored directly.
Staff access to the Vestd app is controlled through a non-optional 2-factor authentication.
Staff are educated in the use of strong and unique passwords. All staff computer equipment used to access Vestd data has secure login access and is encrypted at rest.
Audit logging captures all activity in the app, allowing authorised members of staff to review actions that were carried out and identify changes.
Files uploaded to the Vestd app are stored encrypted at rest in the AWS Simple Storage Service. Access to these files runs through the Vestd app and its security controls, which ensure only people with the correct access can see them.
Other data uploaded to the Vestd app is stored in a database with strong access controls using encryption at rest. Data is also encrypted as it is transferred from the app servers to the database. Particularly sensitive details such as dates of birth are encrypted by the app with its encryption key using the AES-256 standard before being sent to the database.
Data is regularly backed up and stored with the same security standards as all other customer data.
All changes to the main Vestd app are reviewed by another engineer and are automatically tested to ensure coding and security standards are maintained.