Velaris Security Portal

Built to keep your data private and secure.

Overview

Welcome to Velaris' Security Portal. Our commitment to data privacy and security is embedded in every part of our business. Use this portal to learn about our security posture and request access to our security documentation.

Compliance
ISO certification, GDPR certification

Risk Profile

Data Access Level

As a SaaS vendor selling to an enterprise, what type of data do you need access to?

Restricted (confidential information such as PII, personally identifiable information)

Impact Level

What is the potential impact to your enterprise customer if the data and/or functionality you, as the vendor, are supposed to manage, is compromised?

Substantial

Recovery Time Objective

What is your recovery time objective in case of critical failure? (e.g., your DB is deleted)

24 – 48 hours

Recovery Point Objective

What is your recovery point objective in case of critical failure? (e.g., your DB is deleted)

24 – 48 hours

Critical Dependence

Will your product be a system that your enterprise customer critically depends on? (i.e., a failure would cost them a ton of money)

No

Third Party Dependence

Are you also using other third-party services to manage or support your customers?

Yes, the Tinybird data platform is used for user-facing analytics.

Hosting

Are you hosted only on one of the major cloud providers or do you have any on-premise systems?

Amazon Web Services (AWS)

Reports

Pentest Report

Auditor

7ASecurity

We engaged 7ASecurity to perform a thorough white-box penetration test of Velaris. All identified issues were fixed by Velaris and verified by the 7ASecurity team.

Data Security

Backups Enabled

We utilize automated backup solutions provided by AWS to ensure data integrity and availability.

Data Erasure

We implement secure data erasure practices compliant with industry standards to permanently remove data when no longer needed.

Encryption-at-rest

AWS KMS is employed for encryption at rest, safeguarding sensitive information.

Encryption-in-transit

We ensure data is encrypted in transit using SSL, with certificates managed by AWS Certificate Manager.

Physical Security

All data is securely stored in the AWS cloud, eliminating the need for in-house physical servers. Our office headquarters are secured with CCTV, alarms and 24/7 surveillance.

App Security

Credential Management

We manage all our system-level secrets using AWS Secrets Manager and user credentials through 1Password.

Responsible Disclosure

We appreciate your help in reporting bugs and have set up a bug bounty program to reward your efforts. Please reach out to support@velaris.io to report a bug.

Vulnerability & Patch Management

We install all patches and software updates as soon as they are made available. All vulnerabilities are tracked in our project management system.

Legal

Subprocessors

Company: Amazon Web Services

Location: United Kingdom

Additional details: Cloud infrastructure

Access Control

Data Access

We strictly monitor access to customer data and only permit it on an as-needed basis.

Logging

We use AWS CloudWatch and CloudTrail for comprehensive logging and monitoring of all system activities and security events.

Password Security

We enforce stringent password security policies and MFA-based access for all our employees via a central Identity Provider.

Infrastructure

Amazon Web Services

We host our applications and data on Amazon Web Services.

Separate Production Environment

We maintain completely separate production and development environments to ensure product stability.

Corporate Security

Asset Management Practices

All our assets are securely monitored and managed through our trusted security provider, SecFix.

Employee Training

We conduct employee security training through our security partner, SecFix, and hold internal knowledge-sharing sessions, ensuring our team is well-versed in common security threats and mitigations.

HR Security

We implement strict HR security protocols, including thorough background checks and continuous monitoring, to safeguard our organization from insider threats.

Policies

Acceptable Use Policy

Acceptable Use Policy outlines the rules and guidelines employees must follow when using the company's IT resources, including computers, networks, and data, to ensure security, compliance, and responsible usage.

Access Control Policy

Access Control Policy defines the procedures and guidelines for granting, managing, and revoking access to company systems and data to ensure only authorized personnel have access.

Asset Management Policy

Asset Management Policy establishes the framework for tracking, managing, and protecting the company’s physical and digital assets throughout their lifecycle.

Data Management Policy

Data Management Policy outlines the standards and practices for collecting, storing, processing, and protecting company data to ensure its integrity, availability, and confidentiality.

Business Continuity Policy

Business Continuity Policy details the strategies and plans to ensure the company can continue critical operations during and after a disruption or disaster.

Incident Management Policy

Incident Management Policy defines the process for identifying, reporting, responding to, and recovering from security incidents to minimize impact on the company.

Operational Security Policy

Operational Security Policy sets forth the guidelines for maintaining the security of the company’s operational environment, including the protection of information systems and processes.

Cryptography Policy

Cryptography Policy outlines the use and management of cryptographic methods and tools to protect sensitive company information from unauthorized access and disclosure.

Information Security Policy

Information Security Policy establishes the framework for protecting the confidentiality, integrity, and availability of company information against threats and vulnerabilities.

Third Party Management Policy

Third Party Management Policy defines the requirements and procedures for managing the risks associated with engaging third-party vendors and partners.

Cloud Security Policy

Cloud Security Policy sets the standards for securing data, applications, and services that are hosted in the cloud to ensure compliance with company security requirements.

Physical Security

Physical Security Policy outlines the measures and procedures for protecting the company’s physical premises, assets, and personnel from physical threats and unauthorized access.

Risk Management Policy

Risk Management Policy defines the process for identifying, assessing, mitigating, and monitoring risks that could impact the company’s operations and objectives.

Secure Development Policy

Secure Development Policy establishes the guidelines for incorporating security practices throughout the software development lifecycle to ensure the creation of secure and resilient applications.