ViewerApps Security

Viewerapps upholds industry-leading data security and privacy standards across all operations. We safeguard your and your users’ data so that you can fully focus on transforming your marketing strategy.

Security measures

This page describes the technical and organizational security measures implemented by viewerapps. Viewerapps may update or modify these security measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the viewerapps services.

Security of data centers

Data centers

Viewerapps stores its service data at physically secure data centers in the Amsterdam. We use Google Cloud Platform, and Digital Ocean.

Physical security of data centers

Physical security of data centers is ensured through a number of measures, including strict control of personnel access to the data center premises, as well as access control of third parties. Access to data centers is regularly reviewed, activities and incidents are monitored on a 24/7 basis, CCTV recordings of physical access points to server rooms are provided, and electronic intrusion detection systems are in place.

Disaster recovery

Data centers manage climate and temperature to prevent overheating. They are equipped with automatic fire detection and suppression systems, as well as water leak detection systems. In addition, electrical and mechanical equipment are monitored. All data centers are redundant and maintainable 24/7. When user data is copied electronically by Semrush outside the data center, appropriate physical security is maintained, and the data is encrypted at all times.

Uptime of the service

The infrastructure providers use commercially reasonable efforts to ensure a minimum of 99.9% uptime. The providers maintain a minimum of N+1 redundancy to power, network, and HVAC services.

Failover protection

Back-up and replication strategies are designed to ensure redundancy and failover protections during a significant processing failure. Viewerapps data is backed up to multiple durable data stores and is replicated across multiple availability zones. Viewerapps uses commercially reasonable efforts to create frequent, encrypted back-up copies of the user data, and these are stored in geographically separate locations.

Redundancy

Where feasible, production databases are designed to replicate data between no less than one primary and one secondary database. All databases are backed up and maintained using industry-standard methods at a minimum.

Security management and compliance

Security policies and procedures

We have developed policies that are communicated to all staff. We also have specific policies that are communicated to the personnel they affect. Policies cover the main areas of information security.

PCI DSS compliance

We have fully implemented and support all processes related to PCI DSS compliance. Once a year, we confirm our compliance by passing an independent QSA audit. As a result, we have achieved a PCI DSS Level 1 certificate. In addition, we have expanded the range of applicability of certain requirements of this standard to the entire company, including training for all employees, training for developers, data transfer, and storage.

Risk management

Viewerapps has defined and implemented a risk management program that sets out the strategy to identify, analyze, evaluate, treat and review the information security risks. Risk assessments are performed by certain teams at least annually or at any point when a major change takes place in the technological, organizational, business, or legal landscape. The likelihood and impact of risk events are used for measuring the risk level and its significance as per the risk criterion described in Risk Assessment Methodology.

Cybersecurity rating

To make the security process more transparent to our clients, we made a shared profile in the Upguard where you can find more information about security at Viewerapps.

HR security

Confidentiality agreement

Our employees and contractors are required to sign a non-disclosure agreement before starting work.

Security awareness

We provide security awareness training for all new employees, and all employees do this annually. Training is carried out through an electronic platform, and we display materials and posters throughout our offices.

Developer training

We provide training for our product developers in accordance with OWASP best practices for secure programming. Every year, we hold a Capture the Flag (CTF) challenge for all employees.

Privacy

Interaction with contractors

To protect any data processed, viewerapps maintains contractual relationships with its third-party suppliers. viewerapps relies on contractual agreements, privacy policies, and supplier compliance procedures in order to protect any data processed or stored by suppliers.

Privacy laws

While we process personal data, we use reasonable and appropriate technical and organizational measures to adhere to applicable privacy law, as described in this document. We have enacted the following internal and external policies: General Data Protection Policy, Privacy Policy, Subject Access Request Policy, employee procedures for handling subject access requests, data breach procedures, and other documents as may be required by applicable legislation.

Personal data retention

A user’s personal data is deleted once no longer necessary for the stated purposes. However, we may retain copies of such data and information to the extent permitted or required by law, for archival purposes, or as created by automatic computer back-up and archived as part of normal computerized archiving systems, maintaining necessary technical and organizational measures.

GDPR

Viewerapps products adhere to GDPR requirements effective May 25, 2020. We have adopted the following measures to be compliant with GDPR requirements: Collect the minimum information necessary for the provision of our services. Process data in a lawful manner. Maintain and make available to customers a list of sub-processors, as well as the purpose of their use. Enter into data processing addenda with our customers and vendors to reflect the respective security obligations and privacy requirements of the parties. Market our services to customers and prospects in a manner that respects their rights under GDPR. Maintain a privacy policy to describe our data collection practices. We also monitor other countries’ privacy legislation such as CCPA, LGPD, and others and comply with their requirements to ensure the security of personal data.

Incident management

System logging

Viewerapps has designed its infrastructure to log information about system behavior, traffic received, system authentication, and other application requests. Internal systems aggregate log data and alert appropriate employees of malicious, unintended, or anomalous activities. Viewerapps personnel, including security, are responsive to handle security incidents.

Notification in case of incident

If viewerapps becomes aware of unlawful access to data stored within its services, we notify the affected users of the incident, provide a description of the steps that are being taken to resolve the incident and provide status updates to the user, as necessary.

Incident response

Viewerapps maintains a record of known security incidents that includes descriptions, dates and times of relevant activities, and incident disposition. Suspected and confirmed security incidents are investigated by security, operations, and support personnel. Appropriate resolution steps are identified and documented. For any confirmed incidents, viewerapps takes appropriate steps to minimize user damage and unauthorized disclosure and to prevent future incidents.