Security

The VIP platform implements comprehensive security measures to protect user data and ensure compliance with data protection regulations. Security and privacy are core elements of the platform's design and implementation.

Data Protection

Encryption

  • All connections between mobility operators' APIs, data storage environments, cloud servers, and the VIP platform are secured via TLS protocol
  • All data at rest is encrypted using AES256 protocol with centrally managed encryption keys
  • Data in transit is encrypted and authenticated using IPsec tunnel and VPN gateway technology

Data Storage

  • All platform data is processed and stored in Europe (AWS data centers in Frankfurt, Germany)
  • Implementation follows privacy-by-design and privacy-by-default principles of GDPR
  • Hermetic separation of client data through AWS cloud solution architecture
  • Dedicated server instances that are not shared with or reused by third parties

Access Control

  • Strong authentication measures for platform access
  • Minimum 12-character passwords required, including upper and lower case letters, numbers, and special characters
  • Multi-factor authentication for enhanced security
  • Role-based access control limiting data access to authorized users only
  • Geographical connection restrictions and temporary access tokens
  • Comprehensive logging of all system access and activities

GDPR Compliance

Privacy Measures

  • Appointed Data Protection Officer
  • Regular Data Protection Impact Assessments (DPIA)
  • Data minimization and storage limitation policies
  • Pseudonymization and anonymization techniques for sensitive data
  • Vehicle identifiers anonymized using RAPPOR algorithm to prevent re-identification

Data Rights Management

  • User control over personal data
  • Ability to modify or delete account information
  • Clear processes for exercising data subject rights
  • Transparent data processing agreements

Platform Security

Infrastructure

  • AWS services certified to ISO 27001, ISO 27017, and ISO 27018 standards
  • SOC Type II certified security protocols
  • DDoS protection systems
  • Web Application Firewall (WAF) implementation
  • Single secure entry point with multiple security layers

Monitoring

  • Continuous monitoring of platform access and usage
  • Detailed logging of network flows
  • Configuration checks based on predefined security rules
  • Active threat detection systems
  • Regular security audits and assessments

The VIP platform's security framework is regularly reviewed and updated to address emerging threats and maintain compliance with evolving data protection regulations.
For specific security inquiries or to report security concerns, please contact our security team.