Security Procedures

From Veridu


General

Veridu is committed to designing, building and maintaining secure systems. As Identity providers, security is one of the biggest considerations in everything we do. If you have any questions, or encounter any issues, please contact us at [email protected].

Privacy

Veridu maintains a comprehensive privacy programme. To us, this means that although we are required by law or regulation to do certain things, we are continually evaluating whether we can and should do more.

  • We do not share the personal information of our users to third parties without the users explicit instruction and consent to do so.
  • Veridu is registered with the Information Commissioners Office with registration number: ZA042434.
  • You can find our privacy policy here:

Hosting Environment

Linode hosts Veridu's production systems.

Read Linode's Compliance for more information.

Encryption

Veridu uses strong encryption methods and key management procedures to ensure your sensitive information is protected.

  • Veridu's website and APIs are accessible via a 256-bit SSL certificate issued by Comodo.
  • Access to encryption keys is held by the smallest number of Veridu employees possible.

Disclosure

We rapidly investigate all reported security issues. If you believe you've discovered a bug in Veridu's security, please get in touch at [email protected]. We guarantee a (non-automated) response within 24 hours, and usually faster. We request that you not publicly disclose the issue until it has been addressed by Veridu.

SSL

Veridu forces HTTPS for all services, including our public website. We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support.

Encryption

All data is encrypted on disk with AES-128. Decryption keys are stored on separate machines. Veridu's infrastructure for storing, decrypting, and transmitting profile data runs in separate hosting infrastructure, and doesn't share any credentials with Veridu's primary services (API, website, etc.).