We answer any questions you may have as a potential Business or Enterprise customer about Venngage's procedures and best practices.
Does Venngage conduct background checks on its employees?
Yes, Venngage performs complete background checks on all employees prior to their start date with Venngage.
Does Venngage keep a documented set of information security policies and procedures? Is there a security monitoring system in place?
Yes, Venngage monitors security, and we internally document and follow best practices for documenting and revising our security policies and standard operating procedures. We have established Cyber Insurance Policies, as well as procedures to manage threat and vulnerability assessment tools and the data they collect.
We follow best practices and protocols to prevent data exfiltration, mitigate the effects of unauthorized access or exfiltrated data, and ensure the privacy and integrity of our information.
Venngage actively restricts, logs, and monitors access to our information security management systems.
Are any user account credentials, login information, or user authentication information required for this purpose?
Users of the application will only need to know their own email and password for their account, in addition to the code that is sent as part of any Multi-factor Authentication (MFA) challenge.
Is there a difference between the Business and Enterprise plans in terms of security?
Our normal authentication system requires the user to create one password that meets a single length and complexity requirement. We support additional features like password controls (specifications like minimum length, age, history, complexity) and account lockout (lockout threshold, lockout duration) for Enterprise accounts.
Enterprise teams are able to customize these settings for only their Enterprise group members, including:
- Adding Multi-Factor Authentication using emailed and/or SMS codes. The length and complexity of these codes can be set.
- Setting different minimum/maximum password lengths.
- Setting different required characters for passwords: upper and lowercase, special characters, and numbers.
- Choice of cryptographic hash, including SHA-256, MD5, HMAC SHA-256, PBKDF2 with SHA-256, and Bcrypt. All options are salted.
- Ability to reject reuse of any of the last N passwords, with the number being customizable.
- Locking of accounts after failed authentication (the number of failed attempts and the time period to check are both customizable).
- Ad-hoc locking of accounts, as needed (for example, if an account is suspected to be compromised, we can lock that user for the tenant).
Are there any pre-requisites to launch the application (e.g., server or database login information, redistributable package files, or other dependencies)? Does Venngage need to access our devices or systems, or process our internal data?
Venngage offers a Cloud-based Software as a Service (SaaS) solution. Our product is accessible from your internet browser, with no software install required.
Venngage does not access your internal systems, environment, tools or process your data to grant access to our product or perform our proposed services.
Does Venngage offer SaaS solution architecture diagrams?
We can provide solution architecture diagrams upon request. Please contact info@venngage.com to request them.
What data does Venngage collect and how? Do external parties have access to Venngage's systems or data?
The only personal information Venngage asks for is your role and organization. These are used solely for product research purposes.
All financial information is collected and stored by Stripe, and Venngage is PCI compliant in our handling of this data.
Venngage tracks user actions on our site (Mixpanel/Intercom) in order to better inform us when it comes to making product decisions, and for marketing communications purposes.
Any other information collected is provided by the user (whatever they include in their designs, etc.). Any sensitive or private information in their designs is put there at their own risk.
Venngage is able to access user-created designs (and therefore the data in them). However, we only ever access these designs when support is requested with our support team.
Venngage does not sell data to any third parties. The data is only accessible by Venngage, and not even everyone at Venngage has administrative access.
Where is Venngage's data stored and transferred? Do you use any external Cloud storage solutions? Is the data backed up or stored anywhere offsite?
All Venngage data and infrastructure is US-based, encrypted, and hosted on Amazon Web Services (AWS) US-East-1 servers in a data center. AWS handles encrypted backups to storage servers in Northern Virginia.
Venngage also uses Stripe as our payment gateway, which stores users' financial information. No other third-party service has access to user data. Learn more about the third-party data Venngage collects and shares.
We use Amazon CloudWatch as our SIEM tool for log aggregation and network monitoring.
All of Venngage's data is stored on our AWS servers, and data is transferred using the best-practice protocol TLS 1.2. All data transfer outside of our network is encrypted in transit.
How do you handle data destruction for our data, old disk drives, and removable media?
We don't store/own any physical data copies. Any data stored on AWS servers can be deleted if requested; we abide by a user's "right to be forgotten".
Do you support secure deletion (e.g., degaussing/cryptographic wiping) of archived and backed-up data? How long is data retained until it is deleted?
Secure deletion is handled by AWS; we don't own any onsite/private servers. In accordance with our Terms of Service, we will keep user data for up to eight years after their last activity. However, if a user requests that we delete their data, we abide by the "right to be forgotten".
How does Venngage access my user data/my organization's data?
The only personal information Venngage asks for is your role and organization; this is used solely for product research purposes. All financial information is collected and stored by Stripe, and Venngage is PCI compliant in our handling of this data.
Venngage tracks user actions on our site through third-party apps in order to better inform us when it comes to making product decisions, and for marketing communications purposes. Any other information collected is provided by the user (whatever they include in their designs, etc.). Any sensitive or private information in their designs is put there at their own risk.
Venngage is able to access user-created designs (and therefore the data in them). However, we only ever access these designs when support is requested with our support team.
Venngage does not sell data to any third parties. The data is only accessible by Venngage, and not even everyone at Venngage has administrative access.
Can anyone, including non-employees, access Venngage's computers or networks?
No. Venngage has a policy in place that restricts employees from connecting to our servers via public WiFi (like a coffee shop or library). Connection to our servers can only be established via a secure Virtual Private Network (VPN).
How does Venngage manage access to data?
Venngage uses an identity management system (enabling classification of data for a tenant) that enables both role-based and context-based entitlement to data. We have implemented network access control.
Access to applications, operating systems, databases, and network devices is provisioned according to the principle of least privilege. Venngage mobile devices are not able to access T2 data.
Venngage has controls in place to ensure the timely removal of systems and data that we no longer require for business purposes.