Security at Vantage Space
We constantly develop and improve our services, and will update this document to reflect changes in our operations.
Vantage Space provides a service to collect, store and analyze space utilisation data. We understand the value of this information to our customers and the need to maintain security and confidentiality. This document explains how we meet these requirements.
If you have any questions or queries about our service, feel free to contact us by e-mail or through the chat on our web sites.
If you have reason to believe that there may be a security issue with either the Vantage Space mobile app or our online services, please contact us immediately.
We currently use Amazon Web Services (AWS) for application hosting and data storage. AWS is the leading global provider of cloud services, with a ten year record of maintaining highly reliable and secure infrastructure.
AWS is certified for the ISO/IEC 27001 security management standard, the ISO/IEC 27017 standard for cloud security, and HIPAA. For full details on AWS compliance with certifications and frameworks, visit this address:
https://aws.amazon.com/compliance/
Our Web sites automatically use TLS encryption to protect all communications between your Web browsers and our systems. TLS is the successor to SSL. Our TLS encryption is rated grade A by the standard Qualys SSL Labs tests:
https://www.ssllabs.com/ssltest/analyze.html?d=my.vantagespace.com
All communication between our mobile apps and the Vantage Space systems are also protected by TLS encryption.
The Vantage Space service stores data on servers that are hosted in the European Union. Study data is backed up to separate systems on AWS every two hours.
We do not store or directly handle your payment details. Instead, we manage payment processing through Stripe, who are an accredited PCI DSS Level 1 Service Provider with a five year record of delivering exceptional service. Stripe provides their own security statement here:
https://stripe.com/docs/security/stripe
We only share your data with third parties either where we have your express permission to do so, or where there is a specific legal requirement that we must comply with. The only exception is that, to ensure compliance with PCI requirements, your payment details are handled by Stripe, rather than Vantage Space.
Visit this page to view our full privacy policy:
https://my.vantagespace.com/privacy
To see the Stripe privacy policy, visit this page:
https://stripe.com/gb/privacy
All access to the Vantage Space application requires each user to authenticate themselves by username and password. Each user account is assigned a specific role within each organisation that they belong to in Vantage Space which defines how they may access the data for that organisation. No user has access to any data that belongs to an organisation unless they manage the account for that organisation or have been granted access and assigned a role by a manager for that organisation.
Access to the Vantage Space servers is limited to the Vantage Space technical team, and members of the technical team at the hosting provider acting at our request. Remote access is by SSH with key-based authentication - the most secure method available.
We use bug bounty services and other processes to continually review the state of our security. In the event of a security incident, we will directly notify all affected customers so that they can take the appropriate steps.
We are happy to work with you on compliance issues (such as completing vendor security reviews and arranging penetration tests). Contact our support team in the usual way, and they will put you in touch with the appropriate members of our technical staff.
Overview
Vantage Space provides a service to collect, store and analyze space utilisation data. We understand the value of this information to our customers and the need to maintain security and confidentiality. This document explains how we meet these requirements.
Contacting Us
If you have any questions or queries about our service, feel free to contact us by e-mail or through the chat on our web sites.
If you have reason to believe that there may be a security issue with either the Vantage Space mobile app or our online services, please contact us immediately.
Hosting
We currently use Amazon Web Services (AWS) for application hosting and data storage. AWS is the leading global provider of cloud services, with a ten year record of maintaining highly reliable and secure infrastructure.
AWS is certified for the ISO/IEC 27001 security management standard, the ISO/IEC 27017 standard for cloud security, and HIPAA. For full details on AWS compliance with certifications and frameworks, visit this address:
https://aws.amazon.com/compliance/
Data Transmission and Storage
Our Web sites automatically use TLS encryption to protect all communications between your Web browsers and our systems. TLS is the successor to SSL. Our TLS encryption is rated grade A by the standard Qualys SSL Labs tests:
https://www.ssllabs.com/ssltest/analyze.html?d=my.vantagespace.com
All communication between our mobile apps and the Vantage Space systems are also protected by TLS encryption.
The Vantage Space service stores data on servers that are hosted in the European Union. Study data is backed up to separate systems on AWS every two hours.
We do not store or directly handle your payment details. Instead, we manage payment processing through Stripe, who are an accredited PCI DSS Level 1 Service Provider with a five year record of delivering exceptional service. Stripe provides their own security statement here:
https://stripe.com/docs/security/stripe
Privacy
We only share your data with third parties either where we have your express permission to do so, or where there is a specific legal requirement that we must comply with. The only exception is that, to ensure compliance with PCI requirements, your payment details are handled by Stripe, rather than Vantage Space.
Visit this page to view our full privacy policy:
https://my.vantagespace.com/privacy
To see the Stripe privacy policy, visit this page:
https://stripe.com/gb/privacy
People and Access
All access to the Vantage Space application requires each user to authenticate themselves by username and password. Each user account is assigned a specific role within each organisation that they belong to in Vantage Space which defines how they may access the data for that organisation. No user has access to any data that belongs to an organisation unless they manage the account for that organisation or have been granted access and assigned a role by a manager for that organisation.
Access to the Vantage Space servers is limited to the Vantage Space technical team, and members of the technical team at the hosting provider acting at our request. Remote access is by SSH with key-based authentication - the most secure method available.
Handling of Security Breaches
We use bug bounty services and other processes to continually review the state of our security. In the event of a security incident, we will directly notify all affected customers so that they can take the appropriate steps.
Handling Penetration Tests and Other Compliance Requirements
We are happy to work with you on compliance issues (such as completing vendor security reviews and arranging penetration tests). Contact our support team in the usual way, and they will put you in touch with the appropriate members of our technical staff.
Updated on: 08/03/2022
Thank you!