Security requirements
1Data Protection Commitment
Vesence agrees to uphold the highest standards of data security to ensure the confidentiality, integrity, and availability of data shared or processed under the Agreement. Vesence will implement appropriate technical and organizational measures to safeguard data, as further detailed below.
2Security Measures
2.1To protect shared data, Vesence commits to the following security measures:
- Authentication & Authorization: Utilizing enterprise-grade identity management solutions, including Microsoft Entra ID integration, token-based authentication, and Role-Based Access Control (RBAC), to ensure secure access to systems.
- Data Encryption: Encrypting all data in transit using TLS 1.3 and at rest using AES-256 encryption within a secure Azure private environment. Vesence will also follow Zero Trust principles to verify and secure any requests for data access.
- Infrastructure Security: Hosting on Microsoft Azure leveraging its built-in compliance, real-time monitoring, and secure framework. Vesence will be SOC 2 Type II certified by Q2 2025.
- Data Retention and Opt-In-Storage: Vesence has turned off Content Filtering and Abuse Monitoring from Microsoft Azure as default. If Customer chooses to create agents in the Web App, Customer has opted in to storage of such data which is always customer controlled and stored on Azure.
- EU Processing: All data processing undertaken by Vesence on behalf of Customer takes place in the European Union.
3Compliance with Laws and Standards
Vesence affirms its adherence to applicable privacy and data protection laws, including GDPR. Furthermore, Vesence will implement industry-recognized controls and ensure that all Customer Data processed by Vesence on behalf of Customer is processed and stored exclusively in the Azure European Central region to comply with international and local data sovereignty laws. Vesence has obtained and maintains a SOC 2 Type II certification.
4Continuous Improvement
Vesence will conduct regular vulnerability assessments to proactively address potential threats. Processes and systems will be updated as necessary to adapt to evolving threats and industry standards.
5Collaboration with Customer
Vesence commits to working collaboratively with the Customer to address any specific security concerns or compliance requirements raised by the Customer. Such collaboration may include providing additional details about Vesence's security architecture, data handling policies, and incident response framework.