We’re all about making business (and life) easier for our customers. And you can also enjoy the peace of mind knowing we take every step and precaution to ensure the security and integrity of your information. Not convinced? Dive into all the technical details below!
Vsimple forces secure, encrypted connections to all services. TLS (SSL) with HTTP Strict Transport Security (HSTS) is enforced, with CAA policies that prevent malicious use of CAs from generating certificates for use on our domains. We are proud to maintain A+ SSL scores by the industry leading Qualys SSL Labs test. You can check our score any time at https://www.ssllabs.com/ssltest/analyze.html?d=app.vsimple.com&hideResults=on
All of your data stored in our databases are encrypted at rest with LUKS (Linux Unified Key Setup). It is also encrypted in transit with SSL preventing malicious actors from reading data traversing the network. Connections to these data sources are also restricted to authorized sources and are not available on the open Internet.
We follow the OWASP (Open Web Application Security Project) guidelines and test for vulnerabilities throughout our development cycle. These vulnerabilities include testing for injection attacks, broken authentication and access controls, leaking of sensitive data, and logging and monitoring security exceptions.
We built Vsimple with fine-tuned user access management, roles and permissions from the beginning. Administrators have the ability to restrict access to specific orders and types of data, like financial data, on a per user-basis. Beyond administrator level access, end users have complete control over their own accounts, so other users cannot knowingly change passwords to gain unauthorized access to data.