Skip to content
Investing in your security

We keep a tight lid.

Your trust is important to us. That’s why security features are built into Via’s products and processes every step of the way. We use proven practices — informed by Via’s comprehensive Information Security System (“ISMS”) — to ensure the security, privacy, and soundness of all data within our system. So whether you’re a rider, driver, or partner, you can feel confident that your data is safe.

Product security.

Application security

  • Our Secure Software Development Lifecycle (SDLC) standard provides highly secured products by integrating security testing and other activities into our existing development process, thus reducing the number of security-related design and coding defects.
  • We run continuous vulnerability scans using various tools and periodic penetration tests by external parties.
  • All of Via’s source code is scanned for open source dependencies vulnerabilities and licenses issues. Scanners are integrated with Via’s source code management tools or as part of the CI/CD.
  • Our team conducts an organized and monitored Change Management process in order to ensure secure deployments and updates.

Infrastructure security

  • Our systems and services are protected against security risks in accordance with industry best practices. All of our services run in secured Virtual Private Clouds, with proper network segmentation and stateless firewalls.
  • Via utilizes scalable, resilient and high availability (HA) infrastructure.
  • Production and development/testing environments are segregated to ensure the separation of live customer information from development/testing accounts.
  • Via maintains continuous backups of databases and data warehouses in an encrypted manner. Each database includes recovery capabilities to ensure simple and fast restoration of normal operation.

Physical security

Via is a cloud-based company, the data centers are hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP) infrastructures, where leading physical security measures are employed. For more information, please visit:

 

Data security.

Data protection and safeguarding of confidential client information is a top priority at Via. As we work with many partners and collect, manage, and store a wide variety of data, we have the necessary processes in place to ensure that confidential information is internally shared on a strictly need-to-know basis and is protected from being distributed to other clients and partners.

Via complies with all applicable data protection laws in the geographies in which we operate and all regulatory requirements agreed upon with our partners, including the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Encryption

  • All data in transit and at rest is protected by encryption. We apply strong encryption measures to help prevent unauthorized access, threats, or theft.
  • We use Transport Layer Security (TLS) cryptographic protocol to provide end-to-end communications security.
  • All endpoints that connect to Via’s network are disk-encrypted and use industry-standard encryption.

Third-party vendors

Via performs reasonable due diligence on third party vendors that handle, maintain, or otherwise process personal information of employees or customers on behalf of Via. Via will enter into a Non-Disclosure
Agreement with all vendors that governs the proper handling and non-disclosure of Via’s confidential information.

When transferring user information to a third party, we ensure that the third party collects, processes, and discloses information only for limited and specified purposes, and complies with applicable privacy and security laws such as GDPR and other relevant regulations.

Vulnerability reporting

Via treats the security of our customers’ personal information with the utmost importance and is committed to providing secure products and services to our customers.

If you believe you have discovered an issue or if you are interested in more information about our Bug Bounty program, please visit https://hackerone.com/ridewithvia or contact us in: security@ridewithvia.com

 

Standards, regulations, and certifications we comply with

iso-27001 gdpr ccpa dss privacy-shield

 

Your data is not for sale.

At Via, we follow a strict Privacy Policy governing user data. Please read our privacy policy to learn more.