Trust Center

Security at Visage

Security is built into the fabric of our products, team, infrastructure, and processes, so you can rest assured your data is safeguarded.

  • Compliance

    Last updated Wed, Apr 13, 2022
    • CCPA

      Visage is committed to the California Consumer Privacy Act (CCPA). For any CCPA requests, please reach out to

    • GDPR

      Visage is in full support of the General Data Protection Regulation (GDPR). For any GDPR requests, please reach out to

  • Product Security

    Last updated Wed, Mar 9, 2022
    • Audit Logs

      Along with capturing all necessary events as described in "Event Monitoring", effective protocols and supporting measures are to be implemented for ensuring all required events and their associated attributes are logged, recorded, and reviewed as necessary.

    • Role-Based Access Control (RBAC)

      Access rights Access rights to Visage system components are limited to authorized personnel only, with all end-users being properly provisioned in accordance with stated access rights policies and procedures. This includes using all applicable provisioning and de-provisioning forms as necessary, along with ensuring users' access rights incorporate Role-Based Access Control (RBAC) protocols or similar access control initiatives.

    • SSO
    • Google SSO
    • SAML SSO
  • Data Security

    Last updated Wed, Mar 9, 2022
    • Data Encrypted At-Rest

      All Visage data is encrypted in transit and at rest following industry standards. Visage cloud architecture enforces data isolation and segregation.

    • Data Encrypted In-Transit

      All Visage data is encrypted in transit and at rest following industry standards. Visage cloud architecture enforces data isolation and segregation.

  • Privacy

    Last updated Wed, Mar 9, 2022
    • Privacy Policy
    • Data Retention Policy

      Unless otherwise required by law, Visage retains Sensitive & Confidential Data only for as long as necessary to fulfill the purposes for which it is collected and processed, or to meet legal and client contractual obligations.

    • Data Processing Addendum
    • Data Removal Requests
    • Data Protection Officer (DPO)
  • Incident Management & Response

    Last updated Wed, Mar 9, 2022
    • Data Breach Notification
    • Incident Response Plan (IRP)

      Visage incident response policy and supporting procedures are designed to provide Visage with a
      documented and formalized Incident Response Policy & Plan that is to be adhered to and utilized throughout the organization at all times. Compliance with the stated policy and supporting procedures helps ensure the safety and security of Visage system resources.

  • Availability & Reliability

    Last updated Wed, Mar 9, 2022
    • Auto Scaling
    • Data Redundancy
    • Infrastructure Redundancy
    • Quality Assurance Testing

      All Visage modules are tested by our quality assurance team on test servers before it's released for production

    • Service Monitoring

      Visage utilizes a wide variety of automated monitoring systems to provide a high level of service performance and availability. Visage’s monitoring tools are implemented to detect unusual or unauthorized activities and conditions at ingress and egress communication points.

  • Organizational Security

    Last updated Wed, Mar 9, 2022
    • Confidentiality Agreements
    • Employee Background Checks

      Background checks is inclusive of:

      • Criminal records (including all jurisdictions in which the individual has lived,
        worked, and/or attended school during the last seven (7) years).
      • Credit reports (if deemed necessary per hte job role).
      • Verification reports (e.g., identity, previous employment, education, SSN).
      • Reference checks.
    • Employee Security Training

      All employees within Visage are to undergo annual security awareness training initiatives to ensure they stay abreast of significant security issues that pose a
      credible threat to the organization as a whole, including, but not limited to, Visage's network infrastructure and all supporting system resources.

    • Employee Workstations Automatically Locked

      Unattended computers should be locked or logged off so that the information displayed on the screens cannot be viewed by anyone other than the single user of the computer. Computers should be configured to automatically lock or engage password-protected screensaver after an unattended duration of 15 minutes.

    • Employee Workstations Encrypted

      A security solution that includes a full disk encryption obligation is installed on every Visage internal equipment.

  • Business Continuity

    Last updated Wed, Mar 9, 2022
    • Business Continuity Plan
    • Disaster Recovery Plan

      Disaster Recovery (DR) involves the policies, tools, and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a business disruption.

    • Data Backups

      Visage can restore data thanks to point in time recovery if the data loss is more recent than 7 days. In case of an older data loss, or disaster Visage has access to other backups in different availability zones that can be restored to retrieve specific data. These backups are updated every 24 hours.

  • Infrastructure

    Last updated Wed, Mar 9, 2022

    Visage hosts its application using Amazon Web Services. AWS runs on Amazon’s secure data centers. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. For additional information visit the AWS Security page :

    • FISMA - Moderate - Data Center
    • ISO 27001 - Data Center
    • PCI-DSS - Level 1 - Data Center
    • SOC 2 Type II - Data Center
    • Sarbanes-Oxley (SOX) - Data Center
    • Physical Access Control - Data Center

      Visage host its applications at Amazon's ISO 27001 and FISMA certified data centers. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

      Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.

      For additional information see:

    • Environmental Safeguards - Data Center

      Visage hosts its data and application at Amazon. Amazon utilizes the following safeguards:

      Fire Detection and Suppression

      Automatic fire detection and suppression equipment have been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms, and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.


      The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.

      Climate and Temperature Control

      Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Monitoring systems and data center personnel ensure temperature and humidity are at the appropriate levels.


      Data center staff monitor electrical, mechanical, and life support systems and equipment so issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.

      For additional information see:

  • Threat Management

    Last updated Wed, Mar 9, 2022
    • Penetration Testing

      The Company's Vulnerability management program includes internal and external scans, penetration testing, remediating issues, and includes identifying and detecting, classifying and prioritizing, remediating, validating, and continuously monitoring vulnerabilities.

    • Vulnerability Scanning

      The Company's Vulnerability management program includes internal and external scans, penetration testing, remediating issues, and includes identifying and detecting, classifying and prioritizing, remediating, validating, and continuously monitoring vulnerabilities.

  • Subprocessors

    Last updated Tue, Jan 25, 2022
    • Name
      Amazon Web Services
      To provide infrastructure services of in the United States
      United States
      To verify email addresses validity and deliverability
      Frankfurt, Germany, EU
      To automate customer email nurturing and provide online chat support
      United States
      To provide transactional mail services
      United States
      To distribute reports
      United States (storage location: Frankfurt, Germany)
      To provide online chat between users
      United States
      To provide reporting services
      United States
      To parse candidate CVs
      United States