At VIVIESCAS, we recognize that the platforms we engineer for creators and agencies house highly sensitive data, including proprietary video content, customer lists, and financial records. We employ enterprise-grade security protocols on every deployment.
Infrastructure Security
We do not manage bare-metal servers. Instead, we utilize industry-leading cloud providers (AWS, Vercel, Supabase) that guarantee SOC 2 Type II and ISO 27001 compliance. All data at rest is encrypted using AES-256, and all data in transit is protected via TLS 1.3.
Application Security
- Authentication: We implement hardened JWT (JSON Web Token) session management or utilize managed identity providers (like Supabase Auth or Auth0) to prevent brute force and session hijacking attacks.
- Database Access: We strictly enforce Row Level Security (RLS) in PostgreSQL. A user can only query or mutate database rows that their specific authentication UUID is authorized to access.
- Content Protection: For video courses and digital assets, we utilize signed URLs with short expirations (e.g., 60 seconds) ensuring that even if a link is shared, it becomes unusable instantly.
Payment Security
VIVIESCAS does not process or store credit card information on our servers. All financial transactions are tokenized and processed via Stripe, which is a certified PCI Service Provider Level 1 (the most stringent level of certification available in the payments industry).
Vulnerability Reporting
If you are a security researcher and believe you have found a vulnerability in one of our systems or a client's deployment, please email us immediately at security@viviescaslabs.com. We operate a coordinated disclosure program and will respond within 24 hours.