Privacy, Hosting and Security Whitepaper

Privacy

We take your privacy very seriously because anytime you use IVET, you trust us with your information. To protect your privacy, IVET follows this principle in accordance with world-wide practices for your privacy and data protection. This Privacy Policy describes what data we collect, why we collect it, and what we do with it.
Our privacy policy is viewable to all parties at: http://ivetsystem.com/privacy-policy.php

Cloud based

The benefits of cloud based visitor management include:

  • Central off site data backup – Our reliance on global infrastructure ensures means you are not vulnerable to theft or damage of your visitor data and is available from multiple devices in case of an emergency
  • Visitor books display private information to other visitors when signing-in. IVET app is very private and does not display other visitor detail
  • Costs of implementation and running are lower than on premise solutions
  • Integrations with other services – safety, induction, access
  • Consistency of service

Reliability

Our cloud architecture with every service tier is spread across availability zones (data centers) within the Hostgator Hosting service. IVET runs regular data backups. In the highly unlikely event of a service outage, all data is kept on the IVET system. We have never lost a customer’s data.

Device data storage

As part of our security measures, IVET does not store any visitor data on the Device or app. In the unlikely event of theft or loss of the device, no visitor data will be recoverable from the devices, simply because, no visitor data is stored on the devices.

Data Security and trusted infrastructure

Once captured, the visitor data is transferred securely using HTTPS (SSL connection) from the IVET app and dashboard to secure cloud servers. IVET protects against possible denial-of-service (DoS) attacks using CloudFlare’s advanced DDoS protection.

Encryption

Data transmission is encrypted using AES-256 encryption. Encryption keys are dynamically generated; post and get parameters are abstracted. Database connection strings are kept separately with a strict access policy and audit logging. IVET API layer security has strict permission rules to prevent unauthorized database connections.

We have policies that require employees to never store production data locally nor in test environments.

Passwords

All passwords are md5 hashed. You can only reset a password, not retrieve it. Additionally, users are notified when their password is reset or changed.

Good passwords are hard to guess. We recommend that you use a combination of uncommon words or inside jokes, non-standard upper-casing, creative spelling, and non-obvious numbers and symbols in your password.

Administrator Access

IVET Administrator accounts are private, password-protected accounts only accessible by the authorized administrator with 2D SMS validation. Your visitor data is securely held in the cloud and is your private data. We also utilize AES-256 to encrypt all data transmitted between devices and our server.

Access to Customer Data

IVET staff do not access or interact with customer data or applications as part of normal operations. There may be cases where IVET staff is requested to interact with customer data or applications at the request of the customer for support purposes or where required by law. IVET staff may also inspect customer data to debug and troubleshoot platform issues.

Staff Access

We have a strict policy that IVET staff only access our customer's data when absolutely necessary to ensure account functionality. Employees are required to use strong passwords.

Auditing

IVET maintains a detailed audit history of all data entry and modifications, coupled closely with WHO changed the data, WHEN it was changed, WHERE it was changed from and WHAT was changed.