How does Versational keep user information/data safe? - Security

How does Versational keep user information/data safe? - Security

Versational has a robust Security policy to secure user data and the product insfrastructure from malicious attacks. Below are responses to some common questions security-related questions.

Data security and storage

1. Where is your data stored and how safe is it? 

  1. The Versational solution is deployed in Amazon Web Services (AWS) cloud. There are no endpoints exposed outside of the AWS cloud environment. 
  2. Our production and staging environments are in a Virtual Private Cloud and our database is hosted in AWS RDS.
  3. AWS supports 89 security standards and compliance certifications including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, NIST 800-171, SOC 2 Type II and ISO 27001. More than any other cloud provider, our solutions are hosted in one of the most secure environments among all public cloud service providers. 

2. Can your data be stored in your own private cloud or data center?

  1. Yes. This is currently available for enterprise customers only.
  2. We understand that your meeting data is mission-critical and some conversations can be highly confidential. We've designed our infrastructure to be completely deployable in your own organization's cloud or data center.
  3. This does not include the few third party services that Versational uses.
  4. You can request a copy of the high-level architecture diagram. Please email info@versational.ai or contact us.

3. Can the Versational internal team access your data?

  1. Versational employees do not have access to production customer recording data by default.
  2. Usually access to meeting data is not required even for support purposes.
  3. However, if during a support request, access to meeting data is deemed essential, then permission is requested from the user with justifiction for why meeting data is required.
  4. We apply the principle of least privilege in our access controls mechanism to sensitive data. Access to sensitive data is based on a need-to-know basis and is strictly monitored and audited.

4. Is it possible to delete or remove any data?

  1. You can delete your meetings from the Versational app. See Single or Batch deletion of recordings.
  2. Deleted meeting recordings cannot be recovered. They are permanently removed from the database.

5. What calendar data do you access when you integrate with Google or Microsoft Outlook calendars?

  1. We use OAuth 2.0 to authenticate with Google or Microsoft to integrate your calendar with Versational.
  2. Versational takes the meeting title from your calendar data and uses it as the title for the meeting recording.

6. What data do you collect from our calls to improve your analysis and insights accuracy?

  1. It is restricted to only data related to the meeting and nothing else.
  2. We keep track of your edits to the AI-Gems and questions you are asking AI-Ally to help provide you a personalized experience.
  3. Your edits and questions are fed back to our Machine Learning pipeline to improve the AI-Gems models and our AI-Ally Q&A bot. This is to increase their accuracy and provide you with a better experience and personalized question suggestions.

Compliance and Security

SOC 2 Type II and GDPR Compliance

1. What is SOC 2 compliance?

  1. The American Institute of Certified Public Accountants' SOC 2 is an auditing process that ensures a company securely manages data and protects the privacy of its clients.
  2. It defines criteria for handling customer data based on five trust service principles, which are security, processing integrity, availability, confidentiality, and privacy.

2. What is GDPR compliance?

  1. Similarly, we are General Data Protection Regulation (GDPR) compliant. GDPR is the world's most widespread privacy and security law and includes guidelines for collecting, processing, and storing the personal information of individuals inside the European Economic Area.

In accordance with our uncompromising stance toward the security and confidentiality of your data, we are hosted on Amazon AWS who are SOC 2 Type II and GDPR compliantThis means our organization has the infrastructure, tools, and processes to protect customer data from unauthorized access both from within and outside the firm.

For details on Versational security policy, please email info@versational.ai or contact us.

Versational Product and Feature Design for Privacy and Security

Versational architecture

  1. Versational is deployed on AWS and utilizes services that use industry-grade security standards.

User Settings

  1. Versational platform uses the privacy-by-design approach. Therefore, a meeting recording is owned by the user who uploads or records the meeting.
  2. When the user shares the recording, internally or externally, the recording ownership remains with the user who shares the recording. Recipients of the share cannot edit or re-share the recording.
  3. That owner of the recording can revoke a share from a particular user at any time.

Privacy Settings

  1. Versational platform provides the ability for individual users to control who can view their meeting insights and analysis.
  2. Recording owners can share recording internally to specific team members or externally to specific users who are not within the team.
  3. Non-Versational users will only be presented with the guest view which contains a small subset of the complete analysis of the recording.  

Vulnerability Management

  1. Versational is regularly scanned with industry-standard scanning tools for monitoring and detecting vulnerabilities.
  2. Its infrastructure is regularly reviewed with AWS Security consultants to ensure that the best security practices are followed.
  3. However, in the highly unlikely event that any information under our control is compromised because of a breach of a security, we will take steps to investigate the situation and when appropriate, notify those individuals whose information may have been compromised and take steps, in accordance with any applicable laws and regulations.

Monitoring

AWS CloudWatch is used for monitoring the complete solution stack in Production. Since we use AWS services for the key components of the system, such as AWS Fargate, ECS, ECR, RDS, ELB, these services export status data to CloudWatch. Sentry is used for real-time performance and issue monitoring setup for the ML models. Issues that are encountered are notified via emails to a specified email address.

Backup and Recovery

The entire application stack is backed up daily by AWS backup and recovery services. Backups are stored for 7 days and are then discarded.






    • Related Articles

    • I cannot install the Versational App from MSFT Teams Marketplace. What’s wrong?

      Unfortunately, there could be a number of reasons preventing you from installing the App from MSFT Teams Marketplace. At times, IT administrators can apply group policies (Microsoft access configurators) to: 1. Completely disable access to MSFT Teams ...

    • Why am I unable to record a call after downloading the Versational App?

      Congratulations on downloading the Versational App from the MSFT Teams Marketplace! However, it must be disappointing to see the ’Start Recording’ button greyed out or disabled. Although this has nothing to do with the Versational App itself, it does ...

    • How to use Versational with HubSpot in 2 clicks

      With Versational's HubSpot integration, capturing insights for your HubSpot contacts takes only two clicks. You'll be able to easily view and manage contact interactions in your calls. For installation, refer to this article. How to Use Viewing Your ...

    • How to use Versational with Salesforce in 2 clicks

      With Versational's Salesforce integration, capturing insights for your Salesforce contacts takes only two clicks. You'll be able to easily view and manage contact interactions in your calls. For installation, please go through this article. How to ...

    • Do Ad blockers interfere with Versational display results?

      Will ad blockers in browser extensions interfere with Versational display results? Occastionally, certain ad blockers will interfere with Versational display results, such as the video tours icon (results page). We recommend that you disable your ...