- Our Secure Software Development Lifecycle (SDLC) standard provides highly secured products by integrating security testing and other activities into our existing development process, thus reducing the number of security-related design and coding defects.
- We run continuous vulnerability scans using various tools and periodic penetration tests by external parties.
- All of Via’s source code is scanned for open source dependencies vulnerabilities and licenses issues. Scanners are integrated with Via’s source code management tools or as part of the CI/CD.
- Our team conducts an organized and monitored Change Management process in order to ensure secure deployments and updates.
- Our systems and services are protected against security risks in accordance with industry best practices. All of our services run in secured Virtual Private Clouds, with proper network segmentation and stateless firewalls.
- Via utilizes scalable, resilient and high availability (HA) infrastructure.
- Production and development/testing environments are segregated to ensure the separation of live customer information from development/testing accounts.
- Via maintains continuous backups of databases and data warehouses in an encrypted manner. Each database includes recovery capabilities to ensure simple and fast restoration of normal operation.
Via is a cloud-based company, the data centers are hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP) infrastructures, where leading physical security measures are employed. For more information, please visit:
- AWS Data center security
- GCP Data center security
Data protection and safeguarding of confidential client information is a top priority at Via. As we work with many partners and collect, manage, and store a wide variety of data, we have the necessary processes in place to ensure that confidential information is internally shared on a strictly need-to-know basis and is protected from being distributed to other clients and partners.
Via complies with all applicable data protection laws in the geographies in which we operate and all regulatory requirements agreed upon with our partners, including the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
- All data in transit and at rest is protected by encryption. We apply strong encryption measures to help prevent unauthorized access, threats, or theft.
- We use Transport Layer Security (TLS) cryptographic protocol to provide end-to-end communications security.
- All endpoints that connect to Via’s network are disk-encrypted and use industry-standard encryption.
Via performs reasonable due diligence on third party vendors that handle, maintain, or otherwise process personal information of employees or customers on behalf of Via. Via will enter into a Non-Disclosure
Agreement with all vendors that governs the proper handling and non-disclosure of Via’s confidential information.
When transferring user information to a third party, we ensure that the third party collects, processes, and discloses information only for limited and specified purposes, and complies with applicable privacy and security laws such as GDPR and other relevant regulations.
Via treats the security of our customers’ personal information with the utmost importance and is committed to providing secure products and services to our customers.
If you believe you have discovered an issue or if you are interested in more information about our Bug Bounty program, please visit https://hackerone.com/ridewithvia or contact us in: email@example.com