Security

Last Updated: December 24, 2025

1. Our Commitment to Security

At ViziSlides, security is a top priority. We are committed to protecting your data and maintaining the trust you place in us. This page outlines our security practices, measures, and policies to keep your information safe.

2. Data Encryption

2.1 Encryption in Transit

All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security) protocols. This ensures that your data cannot be read by unauthorized parties even if it is intercepted during transmission.

  • TLS 1.2 or higher for all connections
  • Strong cipher suites and perfect forward secrecy
  • HTTPS enforced across all pages and API endpoints
  • HSTS (HTTP Strict Transport Security) enabled

2.2 Encryption at Rest

Your data stored on our servers is encrypted at rest using AES-256 encryption, one of the strongest encryption standards available.

  • Database encryption for all user data
  • Encrypted file storage for presentations and media
  • Encrypted backups with secure key management

3. Authentication and Access Control

3.1 User Authentication

  • Secure Password Storage: Passwords are hashed using bcrypt with salt
  • Password Requirements: Minimum length and complexity requirements
  • Multi-Factor Authentication (MFA): Optional 2FA for enhanced account security
  • Session Management: Secure session tokens with automatic expiration
  • OAuth Integration: Secure third-party authentication options

3.2 Access Controls

  • Role-based access control (RBAC) for team features
  • Principle of least privilege for internal systems
  • Regular access reviews and permission audits
  • Automatic session timeout after inactivity

4. Infrastructure Security

4.1 Cloud Infrastructure

Our services are hosted on secure, enterprise-grade cloud infrastructure with:

  • SOC 2 Type II certified data centers
  • Physical security controls and monitoring
  • Redundant systems for high availability
  • Geographic distribution for disaster recovery
  • Regular infrastructure security updates

4.2 Network Security

  • Firewalls and intrusion detection systems
  • DDoS protection and mitigation
  • Network segmentation and isolation
  • VPN access for administrative functions
  • Regular security scanning and penetration testing

4.3 Application Security

  • Secure coding practices and code reviews
  • Input validation and sanitization
  • Protection against common vulnerabilities (OWASP Top 10)
  • Regular security updates and patches
  • Automated security testing in CI/CD pipeline

5. Data Protection

5.1 Data Backup

  • Automated daily backups of all user data
  • Encrypted backup storage in multiple locations
  • Regular backup restoration testing
  • Point-in-time recovery capabilities

5.2 Data Isolation

  • Logical separation of customer data
  • Secure multi-tenancy architecture
  • Database-level access controls
  • API rate limiting and abuse prevention

5.3 Data Retention and Deletion

  • Secure data deletion when accounts are closed
  • Compliance with data retention policies
  • Secure disposal of physical media
  • Right to erasure upon request

6. Monitoring and Incident Response

6.1 Security Monitoring

  • 24/7 security monitoring and alerting
  • Real-time threat detection and analysis
  • Automated anomaly detection
  • Comprehensive logging and audit trails
  • Regular security log reviews

6.2 Incident Response

We maintain a comprehensive incident response plan that includes:

  • Dedicated security incident response team
  • Defined procedures for incident detection and containment
  • Rapid response protocols for security events
  • Post-incident analysis and remediation
  • Notification procedures for affected users

6.3 Breach Notification

In the unlikely event of a data breach, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about the nature and scope of the breach
  • Outline steps taken to address the breach
  • Offer guidance on protective measures
  • Comply with all applicable breach notification laws

7. Compliance and Certifications

We are committed to maintaining compliance with industry standards and regulations:

  • GDPR: General Data Protection Regulation compliance
  • CCPA: California Consumer Privacy Act compliance
  • SOC 2: Service Organization Control 2 certification (in progress)
  • ISO 27001: Information security management standards
  • PCI DSS: Payment Card Industry Data Security Standard (for payment processing)

8. Third-Party Security

8.1 Vendor Management

We carefully vet all third-party service providers to ensure they meet our security standards:

  • Security assessments before vendor onboarding
  • Contractual security requirements and SLAs
  • Regular vendor security reviews
  • Data processing agreements (DPAs) in place

8.2 AI Model Providers

Our AI integrations (OpenAI, Google Gemini, Ollama) are subject to:

  • Secure API connections with authentication
  • Data minimization in API requests
  • Compliance with provider security policies
  • Regular review of provider security practices

9. Employee Security

  • Background Checks: Security screening for employees with data access
  • Security Training: Regular security awareness training for all staff
  • Access Controls: Strict access controls and monitoring for internal systems
  • Confidentiality: Non-disclosure agreements and confidentiality policies
  • Offboarding: Immediate access revocation upon employee departure

10. Vulnerability Management

10.1 Security Testing

  • Regular vulnerability scanning and assessment
  • Annual third-party penetration testing
  • Code security reviews and static analysis
  • Dependency scanning for known vulnerabilities

10.2 Patch Management

  • Timely application of security patches
  • Regular updates to dependencies and libraries
  • Emergency patching procedures for critical vulnerabilities
  • Testing before production deployment

11. Responsible Disclosure

We welcome reports of security vulnerabilities from the security research community. If you discover a security issue, please:

  • Email us at security@vizislides.com with details
  • Provide sufficient information to reproduce the issue
  • Allow us reasonable time to address the vulnerability
  • Avoid accessing or modifying user data
  • Do not publicly disclose the issue until we've addressed it

We commit to:

  • Acknowledge receipt of your report within 48 hours
  • Provide regular updates on our progress
  • Credit you for the discovery (if desired)
  • Work with you to understand and resolve the issue

12. User Security Best Practices

While we implement robust security measures, you can also take steps to protect your account:

  • Use a strong, unique password for your account
  • Enable multi-factor authentication (MFA)
  • Keep your email account secure
  • Log out when using shared or public computers
  • Be cautious of phishing attempts
  • Regularly review your account activity
  • Report suspicious activity immediately
  • Keep your devices and software updated

13. Security Updates

We continuously improve our security practices. This page is updated regularly to reflect our current security measures. For the latest information, please check back periodically.

14. Contact Us

For security-related questions, concerns, or to report a vulnerability:

  • Security Team: security@vizislides.com
  • General Support: support@vizislides.com
  • Privacy Inquiries: privacy@vizislides.com
  • Website: https://vizislides.com