Privacy Vault Security

The Privacy Vault service is hosted in premier Tier IV data center facilities that are highly secure, fully redundant, and certified for SOC-2 and ISO 27001 compliance. Each site is staffed 24/7/365 with on-site security personnel to protect against unauthorized entry. Security cameras continuously monitor the entire facility—both indoors and outdoors. Biometric readers and two-factor or greater authentication mechanisms secure access to the building. Each facility is unmarked so as not to draw attention from the outside.

Privacy Vault employs advanced network security elements, including firewalls and other boundary protection devices to monitor and control communications at internal and external network borders. These border security devices segregate customers and regulate the flow of communications between networks to prevent unauthorized access to Privacy Vault infrastructure and services.

Privacy Vault supports a comprehensive set of data privacy and security capabilities to prevent unauthorized access and disclosure. Strong user authentication features tightly control access to stored data. Access control lists (ACLs) and administratively defined policies selectively grant read/ write and administrative permissions to users, groups of users, and roles. Your data is encrypted on your device prior to upload to any Privacy Vault server. Data in encrypted in transit to prevent leakage and ensure privacy. All data stored on Privacy Vault is encrypted by default to protect data at rest. All communications with Privacy Vault are transmitted using HTTPS to protect data in transit. 

Privacy Vault uses a third party vaultless tokenization service for additional security and privacy. Your Tokenized Key is tokenized and then securely stored in an encrypted database. Neither Privacy Vault, the third-party tokenization provider, or anyone else can access this key. If you lose access to this password, Privacy Vault will be unable to recover it for you and your data will not be able to be accessed. 

Privacy Vault cloud storage is engineered for extreme data durability and integrity. Privacy Vault provides eleven 9s object durability, protecting data against hardware failures and media errors. In addition, Privacy Vault supports an optional data immutability capability that protects data against administrative mishaps or malicious attacks. An immutable object cannot be deleted or modified by anyone—including Privacy Vault. Privacy Vault data immutability protects against the most common causes of data loss and tampering including accidental file deletions, viruses, and ransomware.

Privacy Vault is engineered to meet stringent data security and privacy requirements. The service is built and managed according to security best practices and standards and employs a defense-in-depth approach to protect against a wide array of threats. We ensure the physical security of our data centers, implement strong authentication and access controls to safeguard infrastructure and services, and encrypt data at rest and in transit to protect privacy and prevent unauthorized disclosure.