Given the volume of inbound enquiries and the time requirements of responding to security questionnaires we are only able to respond to enquiries from users purchasing our Enterprise plan (you can learn more about the Enterprise plan here.
VEED offers services through its apps. These apps are either hosted in the cloud (such as the online video editor) or run locally on a user’s device (such as chrome extensions, desktop apps and mobile apps)
We aim to keep the collation and use of personal data to a minimum. However, the efficient operation of our services requires us to request and store personal data. The personal data transferred may include the following categories of data:
Direct identifying information (e.g. email address)
Indirect identifying information (e.g. employer and job title)
Device identification data and traffic data (e.g., IP addresses, MAC addresses, web logs)
Any personal data supplied by users of VEED's services (e.g. videos featuring a user).
To provide our services VEED uses a number of sub-processors to assist with, for example, the hosting, security, analysis, enhancement of data. You can find a list of data subprocessors here. Please note, while we try to keep this list constant it is liable to change as we may need to change or add new sub-processors in the future.
VEED’s servers are located in the EU (we use Google Cloud Platform - West 1). However, we use a number of sub-processors to provide our services. You can find a list of the sub-processors (as well as the region they primarily operate in) here.
Yes. Data protection forms an important part of the design and implementation of our services. We provide strong data security to all users by default, we only use data sub-processors that meet our security standards and we aim to limit the amount of data we collect and store.
Yes, we comply with GDPR and the CPPA. We have users from all over the world and are therefore required to abide by local data privacy laws and regulations. GDPR in the EU and UK is widely considered to be the most stringent privacy regulation regime. Complying with GDPR typically means a company will also be compliant with other international privacy regulations.
We have incorporated the European SCC into our Data Processing Agreements (DPAs). DPAs are available for Enterprise plan customers.
Legislation around data access by authorities is continually changing. Certain jurisdictions may legally require us (or our subprocessors) to provide access to the data that we hold. While we take precautionary measures to safeguard data (such as encryption and access notification requests) we are unable to guarantee that an authority will not access the data.
The following is a list of controls that is indicative of VEED’s security measures. These will vary from time to time as our security requirements change but we will endeavor to keep this list up to date.
VEED aims to secure access to private data by users, employees and subprocessors, with controls such as:
Password procedures (including 2FA, password complexity, single sign on)
Restricting system access to an approved list of people
Differentiated access rights defined according to duties
We maintain records of access rights and logs of access
We try to safeguard data we process using the following measures:
We use market leading infrastructure providers (Google Cloud Platform, GCP)
The data is encrypted in transit and at rest (using Advanced Encryption Standard / Transport Layer Security)
Our data is backed up routinely in different locations using GCP’s infrastructure
We have firewalls in place to ring fence the data
We use encrypted connections between apps and back-end servers
We log user access to VEED's services
We have an audit trail of activities within cloud service providers
Personal data is only collected when necessary, is pseudonymised where possible and is removed or anonymised in a timely fashion when no longer needed
We aim to keep the data we process available and reliable. We using the following controls
The ability to restore services in case of system interruption
The use of system fault reporting
The use of off-site services and cloud services for data storage
We review our security measures regularly. We have appointed a Data Protection Officer to oversee the appraisal, implementation, review and testing of our data protection measures on a regular basis.
In case of a security breach or a data loss incident we have an Incident Response Plan in place. This requires us to restore the data integrity and security, analyse the data loss and notify any impacted parties within 72 hours of the incident discovery.
We run daily security sweeps on our apps to ensure that their security has not been compromised. We also employ third parties to carry our security tests on our software. This is done at least once every 12 months. If you would like to conduct a security audit then please contact our Enterprise team.
VEED’s default method of login is to use a ‘magic link’ or a third party login such as Google’s sign in button. We also offer SSO options for Enterprise plan users (please contact the Enterprise team to learn more).
VEED’s DPO is Tim Mamedov. You can reach them through our support channels (eg: chat support or emailing firstname.lastname@example.org) and clearly marking the message for the attention of the DPO.