VWO’s enterprise-grade platform has been designed keeping in mind the high level of security expected by world-class businesses. With VWO, you can rest assured that any data stored by us remains safe, confidential, and accessible. By ‘safe’ we mean that the data will be protected against any type of loss or corruption, ‘confidential’ means access to the data is granted only to authorized personnel, and by ‘accessible’ we ensure that the data is available to authorized users whenever required.
NOTE: If you wish to host VWO campaign settings on your own server, refer to our Self Hosting option.
Where VWO saves data
- VWO is hosted on Bare Metal Servers managed by IBM SoftLayer, which is SSAE16 certified which store:
- All source-code (in a IBM SoftLayer data center located in Singapore).
- Configuration data on the CDN (in 13 IBM SoftLayer data centers in 8 countries).
- Database cluster (in a IBM SoftLayer data center in the US).
- VWO web-app (in a IBM SoftLayer data center in the US).
- All Production data is stored in IBM SoftLayer data center spread across different locations.
- We do not store any customer data locally.
- The variation configurations required to run the tests for visitors can also be self-hosted on the customer’s servers for added security control.
How VWO protects data
Physical access to the IBM SoftLayer data centers is restricted by IBM SoftLayer. No physical access is allowed to any of the employees of Wingify, the parent company of VWO.
- VWO code is stored in a Stash / Atlassian system hosted by IBM Softlayer in Singapore. VWO employs strict role-based security/passwords for access to the code. Commits to production code are strictly reviewed and approval is restricted to just two people (Chief Technical Officer and Lead Engineer), after passing Unit Testing and QA in Test and Staging.
- The data stored on production servers is accessible only to the Chief Technical Officer and the Lead Engineer. No one else in VWO has access to customer data unless permission access is granted by the Chief Technical Officer or the Lead Engineer to resolve any technical issue or for debugging.
- There is an hourly backup of the database data in SoftLayer data centers.
- You are always connected to the VWO web-app via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery.
- You can assign roles and permissions to each user that you add to your account to ensure an appropriate level of access to your VWO account.
- You can restrict access to your VWO account to certain IP addresses.
- You can enable alerts to email you whenever specific activities take place in your account.
- To configure the application access in VWO, refer to Configuring Security Settings in VWO.
VWO conducts regular vulnerability scans against its internal and production systems. We are protected against OWASP top 10 security threats. We welcome customers to conduct their own vulnerability scan if they like, as long as they contact us beforehand for permission.
- VWO is hosted on Bare Metal Servers managed by IBM SoftLayer, which is SSAE16 certified. Historically, we have achieved 100% uptime consistently over the past two years.
VWO is trusted by 4,000+ customers
VWO takes strict measures to ensure that any data stored with us is kept safe. VWO is trusted by large enterprises like AMD, Lenovo as well as financial institutions like Tinkoff Bank, Aussie, ICICI Bank for their conversion optimization requirements.