Support Centre

Search

Venngage Vendor Assessment

Krystine
Krystine
  • Updated

This document answers common questions Business and Enterprise customers may have about Venngage’s procedures, security measures, and best practices.

Employee & Internal Security

Does Venngage conduct background checks on its employees?
Yes. All employees undergo a complete background check prior to their start date.

Does Venngage maintain information security policies and monitoring?
Yes. Venngage documents and follows industry best practices for security policies and standard operating procedures.

  • Security is actively monitored.

  • Cyber Insurance Policies are in place.

  • Threat and vulnerability assessments are performed and managed.

  • Access to security systems is restricted, logged, and monitored.

User Accounts & Authentication

What login credentials are required?
Users only need their email and password, plus a verification code if Multi-Factor Authentication (MFA) is enabled.

Are there differences between Business and Enterprise security features?
Yes. Enterprise accounts include enhanced authentication controls such as:

  • Password specifications (length, age, history, complexity).

  • Account lockouts (thresholds and durations configurable).

  • Multi-Factor Authentication via email and/or SMS.

  • Customizable password complexity (upper/lowercase, numbers, special characters).

  • Support for multiple cryptographic hash algorithms (SHA-256, HMAC SHA-256, PBKDF2, Bcrypt, etc.), all salted.

  • Password reuse restrictions.

  • Account locking (automated after failed attempts or manual for suspected compromise).

Application & Infrastructure

Do I need to install software or give Venngage access to my systems?
No. Venngage is a cloud-based SaaS solution, accessible directly through your internet browser. No installation, server login, or device access is required.

Does Venngage provide solution architecture diagrams?
Yes, upon request. Please contact info@venngage.com.

Data Collection & Privacy

What data does Venngage collect?

  • Basic info: your role and organization (for product research).

  • Financial data: collected and stored by Stripe (Venngage is PCI-compliant).

  • User activity: tracked with tools such as Mixpanel and Intercom for product decisions and marketing.

  • Design content: any information included by the user is at their discretion.

Do external parties have access to Venngage’s systems or data?
No. Data is only accessible internally by Venngage staff, and only on a limited, need-to-know basis. Venngage does not sell data to third parties.

When does Venngage access user-created designs?
Only when a user requests support and grants access for troubleshooting.

Data Storage & Transfer

Where is Venngage data stored?

  • All data and infrastructure are US-based.

  • Hosted and encrypted on Amazon Web Services (AWS) US-East-1 (North Virginia).

  • Backups are handled securely by AWS.

  • Stripe manages all financial data storage.

  • Network logs are aggregated and monitored via Amazon CloudWatch.

How is data transferred?

  • All transfers use TLS 1.2 encryption.

  • Data is encrypted both in transit and at rest.

Data Retention & Deletion

How long does Venngage keep user data?
Up to 8 years after last activity, unless a user requests deletion.

Can data be securely deleted?
Yes. Data deletion requests are honored under the “right to be forgotten”.

  • Secure deletion of archived/backed-up data is handled by AWS.

  • Venngage does not maintain physical data copies or on-premise servers.

Data Access & Controls

How does Venngage manage access to data?

  • Identity and access management is role-based and context-based.

  • Principle of least privilege governs access.

  • Network access control is enforced.

  • Venngage mobile devices cannot access Tier-2 data.

  • Systems and data are promptly removed when no longer needed.

Can non-employees access Venngage’s networks?
No. Employees are restricted from connecting to servers via public WiFi. All server access requires a secure VPN connection.

Frequently Asked Questions (FAQ)

1. Does Venngage conduct background checks on employees?
Yes. All employees undergo complete background checks prior to their start date.

2. Where is Venngage’s data stored?
All data is encrypted and hosted on Amazon Web Services (AWS) US-East-1 servers in the United States. AWS also handles secure backups.

3. Does Venngage access my organization’s systems or devices?
No. Venngage is a SaaS solution accessible via browser. We don’t access your internal systems or require additional installations.

4. How long does Venngage retain user data?
Up to 8 years after last activity. Data can be deleted earlier upon request (“right to be forgotten”).

5. Does Venngage sell data to third parties?
No. User data is only accessible to Venngage support staff when necessary (e.g., troubleshooting) and never sold to external parties.

6. What security features are exclusive to Enterprise accounts?
Enterprise plans support customizable MFA, advanced password policies, account lockout rules, and options for cryptographic hashing.

7. Can Venngage provide solution architecture diagrams?
Yes. These can be provided upon request by contacting info@venngage.com.
 

The feature(s) discussed in this article is available on the following Venngage subscription plans: Free, Premium, Business and Enterprise.

Curious about upgrading? Compare our plan features side by side.

Was this article helpful?

7 out of 7 found this helpful

Have more questions? Submit a request