Our Security & Compliance Standards

  • 🔒 SSL/TLS Encryption: All data encrypted in transit with TLS 1.3
  • 💳 PCI-DSS Compliant: Level 1 certified payment processors
  • ☁️ ISO 27001 Infrastructure: Hosted on certified Google Cloud Platform
  • 🛡️ UK GDPR Compliant: Full compliance with UK data protection laws
  • 🔐 AES-256 Encryption: Bank-grade encryption for data at rest
  • 📊 SOC 2 Infrastructure: Type II certified cloud services

All certifications independently verified and regularly audited

🔐 Data Encryption & Protection

Your data is protected with multiple layers of encryption, both in transit and at rest.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest and most secure transport layer security protocol. This includes:

  • Login credentials
  • Course content and materials
  • Learner progress and assessment data
  • Payment information
  • Video streaming for live sessions

Encryption at Rest

Data stored on our servers is encrypted using AES-256 encryption, the same standard used by banks and government agencies. This applies to:

  • User account information
  • Course content and files
  • Learner records and certificates
  • Database backups

What does this mean for you?

Even if someone intercepted data in transit or accessed our physical servers, they would only see encrypted, unreadable information. Your data remains secure at all times.

☁️ Enterprise Infrastructure Security

Viizard is hosted on Google Cloud Platform, inheriting world-class security standards and certifications.

Google Cloud Platform Security

By hosting on Google Cloud Platform, Viizard benefits from infrastructure that is:

  • ISO 27001 Certified: International standard for information security management
  • SOC 2 Type II Audited: Annual independent security audits
  • Physical Security: Data centers with 24/7 security and access controls
  • DDoS Protection: Automatic mitigation of distributed denial-of-service attacks
  • Network Security: Advanced firewalls and intrusion detection systems
  • Redundancy: Multiple data centers for high availability

Data Location

All Viizard data is stored within UK and EEA data centers, ensuring compliance with UK GDPR requirements. We do not transfer data outside the UK/EEA without appropriate safeguards.

Learn More About Our Infrastructure

View the full list of Google Cloud Platform security certifications: GCP Compliance Offerings

💳 Payment Security

We never store your payment card details. All payment processing is handled by PCI-DSS Level 1 certified providers.

PCI-DSS Compliance

The Payment Card Industry Data Security Standard (PCI-DSS) is the highest level of security for handling payment card information. Viizard is compliant through our payment processors:

Stripe (PCI-DSS Level 1)

  • Direct integration with Stripe for credit/debit card processing
  • Tokenization ensures card details never touch our servers
  • 3D Secure authentication for additional fraud protection
  • Real-time fraud detection and prevention

PayPal (PCI-DSS Level 1)

  • Secure PayPal integration for alternative payments
  • Buyer and seller protection
  • No card details stored on Viizard infrastructure

How does this protect you?

When you or your learners make a payment, the card information goes directly to Stripe or PayPal's secure servers. Viizard only receives a secure token confirming the payment. This means even if our systems were compromised, no payment card data would be at risk because we never have access to it.

Educator Payment Security

Educators connect their own Stripe or PayPal accounts directly. You maintain complete control over your payment processing, and Viizard never has access to your banking details or the ability to withdraw funds from your account.

🛡️ Application Security

Built on the Laravel framework, with industry-standard security protections automatically implemented.

Built-in Security Features

  • CSRF Protection: Cross-Site Request Forgery prevention on all forms
  • SQL Injection Prevention: Automatic query parameterization via Eloquent ORM
  • XSS Protection: Cross-Site Scripting prevention with automatic output escaping
  • Password Hashing: Bcrypt hashing algorithm for secure password storage
  • Session Security: Secure session management with httpOnly cookies
  • Rate Limiting: Automatic throttling to prevent brute force attacks

Authentication & Access Control

  • Multi-Factor Authentication: Optional MFA for all user accounts
  • Role-Based Access Control: Granular permissions for educators, learners, and administrators
  • Password Requirements: Minimum 8 characters with complexity enforcement
  • Session Management: Automatic logout after a period of inactivity
  • Account Recovery: Secure password reset with email verification

🔒 Data Protection & Privacy

Full compliance with UK GDPR and the Data Protection Act 2018.

GDPR Compliance

Viizard is fully compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This includes:

  • Lawful Basis: Clear legal basis for all data processing activities
  • Data Minimisation: We only collect data necessary for platform functionality
  • Purpose Limitation: Data used only for stated purposes
  • Transparency: Clear privacy policies explaining data use
  • User Rights: Full support for data subject rights

Your Data Rights

Under UK GDPR, you have the following rights:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Restrict Processing: Request we limit how we use your data

To exercise any of these rights, contact us at privacy@viizard.com

Data Retention

We retain data only as long as necessary for platform functionality and legal compliance:

  • Account Data: Retained while account is active, plus 2 years after deletion
  • Certificates: Retained indefinitely for verification purposes
  • Payment Records: Retained for 7 years (legal requirement)
  • Analytics Data: Aggregated and anonymised after 26 months

For Organisations: Data Processing Agreements

If you're an organisation requiring a Data Processing Agreement (DPA), we have GDPR-compliant templates available. Contact legal@viizard.com to request one.

💾 Backup & Disaster Recovery

Your data is protected with automated backups and comprehensive disaster recovery procedures.

Automated Backups

  • Frequency: Daily automated backups of all data
  • Retention: Backups retained for 30 days
  • Encryption: All backups encrypted with AES-256
  • Location: Stored in geographically separate data centers
  • Testing: Regular backup restoration tests

Disaster Recovery

In the event of a catastrophic failure, Viizard has comprehensive disaster recovery procedures:

  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 24 hours (last daily backup)
  • Failover Procedures: Documented and regularly tested
  • Communication Plan: Immediate notification to affected users

Business Continuity

Our infrastructure is designed for high availability:

  • Multi-region deployment for redundancy
  • Load balancing across multiple servers
  • Automatic failover to backup systems
  • 99.9% uptime SLA commitment

📊 Security Monitoring & Incident Response

24/7 monitoring and rapid response to security incidents.

Security Monitoring

Viizard employs comprehensive security monitoring to detect and respond to threats:

  • 24/7 System Monitoring: Continuous monitoring of all systems and infrastructure
  • Intrusion Detection: Automated alerts for suspicious activity
  • Log Analysis: Comprehensive logging and analysis of all access attempts
  • Anomaly Detection: Machine learning-based detection of unusual patterns
  • Vulnerability Scanning: Regular automated security scans

Incident Response

In the event of a security incident, we follow a structured response process:

  1. Detection & Assessment: Immediate identification and severity assessment of the incident
  2. Containment: Quick action to limit the scope and impact of the incident
  3. Eradication: Removal of the threat and closure of vulnerabilities
  4. Recovery: Restoration of affected systems and verification of security
  5. Communication: Notification to affected users within 24 hours of breach discovery (as required by UK GDPR)
  6. Post-Incident Analysis: Comprehensive review and implementation of preventive measures

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours of becoming aware of the breach, as required by UK GDPR. We will also notify the Information Commissioner's Office (ICO) where required.

📋 Compliance for Organisations & Institutions

Additional security and compliance features for organisational deployments.

Available Documentation

For organisations evaluating Viizard, we provide:

  • Data Processing Agreements (DPA): GDPR-compliant contracts
  • Security Questionnaires: Pre-completed for common frameworks
  • Compliance Documentation: Evidence of certifications and audits
  • Subprocessor List: Full disclosure of third-party services
  • Standard Contractual Clauses: For international data transfers (if applicable)

Enterprise Security Features

Additional security options for organisational customers:

  • Single Sign-On (SSO) integration
  • Advanced audit logging
  • Custom data retention policies
  • Dedicated support contact
  • Security training for administrators

Audit Rights

Organisational customers have the right to audit Viizard's security controls. We can provide:

  • SOC 2 Type II reports (from Google Cloud Platform)
  • ISO 27001 certificates (from Google Cloud Platform)
  • Internal security documentation upon request
  • Facilitation of third-party audits (with reasonable notice)

Request Compliance Documentation

Need specific compliance documents or have security questions for your organisation?

Contact Compliance Team

🎖️ Certificate Verification Security

Tamper-proof certificates with QR code verification and public validation.

Secure Certificate Issuance

Every certificate issued through Viizard includes:

  • Unique Identifier: Cryptographically secure unique ID
  • QR Code: Quick verification via smartphone scan
  • Public URL: Verifiable at viizard.com/verify/[certificate-id]
  • Digital Signature: Cryptographic proof of authenticity
  • Immutable Record: Cannot be altered after issuance

Certificate Verification

Anyone can verify a Viizard certificate by:

  1. Scanning the QR code with a smartphone
  2. Visiting viizard.com/verify and entering the certificate ID
  3. Viewing the public portfolio at viizard.com/p/[username]

Verification shows:

  • Certificate holder's name
  • Course title and description
  • Issuing educator/institution
  • Date of issue
  • Certificate status (valid/revoked)

Certificate Revocation

Educators can revoke certificates if necessary (e.g., for academic misconduct). Revoked certificates immediately display as "REVOKED" in the verification system.

🚀 Security Roadmap

Our commitment to continuous security improvement.

In Progress

  • Cyber Essentials Certification: UK government-backed security standard (Q2 2025)
  • Penetration Testing: First comprehensive pen test scheduled (Q2 2025)
  • Security Training Program: Formal security awareness training for all team members

Planned

  • SOC 2 Type II Certification: Company-specific audit (Q3-Q4 2025)
  • ISO 27001 Certification: Full ISMS implementation (2026)
  • Annual Penetration Testing: Ongoing third-party security assessments
  • Bug Bounty Program: Responsible disclosure program for security researchers

Ongoing Commitments

  • Regular security updates and patches
  • Continuous monitoring and threat detection
  • Annual security audits
  • Staff security training and awareness
  • Transparent communication about security practices

Security Updates

We'll update this page as we achieve new certifications and implement additional security measures. Subscribe to our newsletter to stay informed about security enhancements.

🔍 Responsible Disclosure

Found a security vulnerability? We want to hear from you.

Report a Security Issue

We take security seriously and appreciate the security research community's help in keeping Viizard safe. If you've discovered a security vulnerability, please report it responsibly:

How to Report

  1. Email detailed information to security@viizard.com
  2. Include steps to reproduce the vulnerability
  3. Provide any relevant screenshots or proof-of-concept code
  4. Allow us reasonable time to address the issue before public disclosure

What to Expect

  • Acknowledgement: Within 24 hours
  • Assessment: Initial severity assessment within 48 hours
  • Communication: Regular updates on resolution progress
  • Resolution: Fix deployed based on severity (critical: <7 days, high: <30 days)
  • Recognition: Credit in our security acknowledgements (if desired)

Guidelines

We ask that security researchers:

  • Do not access or modify data belonging to other users
  • Do not perform actions that could degrade service for others
  • Do not publicly disclose the vulnerability before we've had time to fix it
  • Act in good faith to avoid privacy violations and disruptions

Safe Harbor

We will not pursue legal action against security researchers who discover and report vulnerabilities in accordance with these guidelines.

📧 Contact Our Security Team

Have questions about our security practices? We're here to help.

Security Contacts

  • Security Vulnerabilities: security@viizard.com
  • Privacy & Data Protection: privacy@viizard.com
  • Compliance Documentation: compliance@viizard.com
  • General Security Questions: Contact Form

Need More Information?

If you're evaluating Viizard for your organisation and need specific security documentation, we're happy to help.

Get in Touch