Infrastructure
Hosting
Vestd uses Amazon Web Services (AWS) to host the Vestd app and store customer data in Ireland (eu-west-1). Copies of backups are also held in the AWS London region (eu-west-2).
Private network
The Vestd app runs inside a Virtual Private Cloud with strict access controls to ensure only the right traffic reaches our network.
Failures & disaster recovery
The services that make up the Vestd app run across two availability zones (data centres). This means that if there is a failure in one location, the application will continue to run.
Backups
Backups are taken at regular intervals and stored in different availability zones and regions. They are also regularly tested to validate the backup and recovery process.
Encryption
Data moving in and out of the app is encrypted with 256-bit encryption, and strict transport security (HSTS) is enabled. We also continually review the available protocols to ensure this is kept as secure as possible.
Permissions and access
Engineer access to the AWS system is through a TLS-encrypted connection using 2-factor authentication.
Information on AWS’s own data security compliance can be found on AWS Compliance.
Access to underlying data is strictly controlled with only a few select engineers having audited access.
Operational security
Authentication
Logins to Vestd are unique to individuals and should never be shared with anyone. Two-factor authentication via an authenticator app is available to all users.
Passwords are hashed with the bcrypt hashing function and never stored directly.
Staff access
Staff access to the Vestd app is controlled through non-optional 2-factor authentication or identities managed by Google Workspace.
Staff are educated in the use of strong and unique passwords. All staff computer equipment used to access Vestd data has secure login access and is encrypted at rest.
Auditing
Audit logging captures all activity in the app, allowing authorised members of staff to review actions that were carried out and identify changes.
Data storage
Files uploaded to the Vestd app are stored encrypted at rest in the AWS Simple Storage Service. Access to these files runs through the Vestd app and its security controls, which ensure only people with the correct access can see them.
Other data uploaded to the Vestd app is stored in a database with strong access controls using encryption at rest. Data is also encrypted as it is transferred from the app servers to the database. Particularly sensitive details such as dates of birth are encrypted by the app, using its encryption key and the AES-256 standard, before being sent to the database.
Data is regularly backed up and stored with the same security standards as all other customer data.
Data separation
Vestd operates a multi-tenant system and maintains segregation at the application layer, with several independent controls and checks ensuring data can only be accessed by the right people.
Data processing
Data is processed primarily in Ireland, but we also use some 3rd parties. Details on these can be found within our privacy policy and 3rd party processor list.
Code reviews
All changes to the main Vestd app are reviewed by another engineer and are automatically tested to ensure that coding and security standards are maintained.