All Vision Technologies Security

We know your data is extremely important to you and your business, and we're very protective of it.

All Vision Public

When you publish your data to All Vision Public in order to access our services, they will be encrypted and stored at our hosted databases that are reasonably secured and protected. This means that if you store information in or submit data to All Vision Public, you acknowledge your information and data will be transmitted to, hosted, and accessed in the United States.

​

​We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security ("TLS") or secure socket layer ("SSL") technology. However, internet data transmissions cannot be guaranteed to be 100% secure, and we cannot ensure the security of information during its transmission between you and us. Accordingly, you acknowledge that when you transport such information, you do so at your own risk. 

​

​If All Vision Technologies learn of a security system breach, we may attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by posting a notice on our website and/or via other communication platforms. Depending on where you live, you may have a legal right to receive such notices in writing. 

Data Center Security

All Vision Technologies Cloud is hosted on Microsoft Azure. Please see Microsoft Azure's security resources for more information.

Software Security

We employ a team of 24/7/365 server specialists at All Vision Technologies to keep our software and its dependencies up to date eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks to the site. 

Security Engineering Practices

All Vision Technologies’ engineering team is responsible for ensuring that security is a key component of the entire development process. From design reviews, to test cycles, to bug triage, security issues are closely tracked and monitored. All security issues are thoroughly researched, resolved, and then re-tested to ensure they are properly remediated. Additionally, we require key engineering team members to go through secure code development training. Training is delivered at regular intervals or as needed for new hires. This is done to ensure that coding and testing are done with security in mind. 

Security Monitoring, Testing, and Validation

All Vision Technologies’ engineering team is responsible for ensuring that security is a key component of the entire development process. From design reviews, to test cycles, to bug triage, security issues are closely tracked and monitored. All security issues are thoroughly researched, resolved, and then re-tested to ensure they are properly remediated. Additionally, we require key engineering team members to go through secure code development training. Training is delivered at regular intervals or as needed for new hires. This is done to ensure that coding and testing are done with security in mind. 

Customer Segregation

All Vision Technologies Cloud is multi-tenant and does not segment your data from other users’ data. Your data may live on the same servers as another user’s data. We consider your data private and do not permit another user to access it unless you explicitly share it.

Data Retention and Deletion

All Vision Technologies retains your content unless you take explicit steps to delete data, charts, and notes. For information on our retention policies, please refer to the section of our privacy policy, titled “Data Retention and Deletion”. 

Employee Access

No All Vision Technologies employees ever access your private contents including data, charts, and notes you publish to the All Vision Technologies Server unless required for support reasons. Support staff may sign into your account to access settings related to your support issue. When working on a support issue, we do our best to respect your privacy as much as possible, and we only access the published contents and settings needed to resolve your issue.

Maintaining Security

We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and are one-way encrypted in the database using bcrypt. Login information is always sent over SSL.

​

​We have full-time security staff to help identify and prevent new attack vectors. We always test new features in order to rule out potential attacks, such as XSS-protecting wikis, and ensuring that Pages cannot access cookies.

Credit Card Security

We hand off credit card processing to Stripe. They power online transactions for thousands of businesses and SaaS platforms and comply with PCI standards in the storage and handling of credit card information.

Need to Report a Security Vulnerability?

Publicly disclosing a vulnerability can put the entire All Vision Technologies community at risk. If you have discovered a possible vulnerability, we would greatly appreciate you emailing us at joe@all.vision. We will work with you to assess and understand the scope of the issue and fully address any concerns. Any emails are immediately sent to our engineering staff to ensure that issues are addressed rapidly. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.