Security FAQs

Can I speak to someone about our security requirements?

How does VEED process data?

VEED offers services through its apps. These apps are either hosted in the cloud (such as the online video editor) or run locally on a user’s device (such as chrome extensions, desktop apps and mobile apps)

What categories of personal data does VEED use?

We aim to keep the collation and use of personal data to a minimum. However, the efficient operation of our services requires us to request and store personal data. The personal data transferred may include the following categories of data:

• Direct identifying information (e.g. email address)
  

• Indirect identifying information (e.g. employer and job title)
  

• Device identification data and traffic data (e.g., IP addresses, MAC addresses, web logs)
  

• Any personal data supplied by users of VEED's services (e.g. videos featuring a user).
  

What does VEED use the data for (what are the ‘purposes’ for data processing)?

Please refer to our Privacy Policy for a full list of data processing purposes. You can find it here.

Does VEED use data sub-processors?

To provide our services VEED uses a number of sub-processors to assist with, for example, the hosting, security, analysis, enhancement of data. You can find a list of data subprocessors here. Please note, while we try to keep this list constant it is liable to change as we may need to change or add new sub-processors in the future.

Where is the data processed?

VEED’s servers are located in the EU (we use Google Cloud Platform - West 1). However, we use a number of sub-processors to provide our services. You can find a list of the sub-processors (as well as the region they primarily operate in) here.

Do you practice data protection by design and by default?

Yes. Data protection forms an important part of the design and implementation of our services. We provide strong data security to all users by default, we only use data sub-processors that meet our security standards and we aim to limit the amount of data we collect and store.

Do you comply with GDPR and CPPA privacy laws?

Yes, we comply with GDPR and the CPPA. We have users from all over the world and are therefore required to abide by local data privacy laws and regulations. GDPR in the EU and UK is widely considered to be the most stringent privacy regulation regime. Complying with GDPR typically means a company will also be compliant with other international privacy regulations.

Are there European Standard Contractual Clauses (SCC) in place as legal basis for the processing? 

We have incorporated the European SCC into our Data Processing Agreements (DPAs). DPAs are available for Enterprise plan customers.

Can state authorities by law oblige you to give them access and/or to hand out data which is processed? 

Legislation around data access by authorities is continually changing. Certain jurisdictions may legally require us (or our subprocessors) to provide access to the data that we hold. While we take precautionary measures to safeguard data (such as encryption and access notification requests) we are unable to guarantee that an authority will not access the data. 

What security and availability controls does VEED have in place?

The following is a list of controls that is indicative of VEED’s security measures. These will vary from time to time as our security requirements change but we will endeavor to keep this list up to date.

Access controls

VEED aims to secure access to private data by users, employees and subprocessors, with controls such as:

• Password procedures (including 2FA, password complexity, single sign on)
  

• Restricting system access to an approved list of people
  

• Differentiated access rights defined according to duties
  

• We maintain records of access rights and logs of access
  

Data storage, transfer and logging

We try to safeguard data we process using the following measures:

• We use market leading infrastructure providers (Google Cloud Platform, GCP)
  

• The data is encrypted in transit and at rest (using Advanced Encryption Standard / Transport Layer Security)
  

• Our data is backed up routinely in different locations using GCP’s infrastructure
  

• We have firewalls in place to ring fence the data
  

• We use encrypted connections between apps and back-end servers
  

• We log user access to VEED's services
  

• We have an audit trail of activities within cloud service providers
  

• Personal data is only collected when necessary, is pseudonymised where possible and is removed or anonymised in a timely fashion when no longer needed
  

Availability controls

We aim to keep the data we process available and reliable. We using the following controls

• The ability to restore services in case of system interruption
  

• The use of system fault reporting
  

• The use of off-site services and cloud services for data storage
  

Data protection review and management

We review our security measures regularly. We have appointed a Data Protection Officer to oversee the appraisal, implementation, review and testing of our data protection measures on a regular basis.

Do you have an Incident Response Plan and notification deadlines?

In case of a security breach or a data loss incident we have an Incident Response Plan in place. This requires us to restore the data integrity and security, analyse the data loss and notify any impacted parties within 72 hours of the incident discovery. 

Do you have routine security tests and audits?

We run daily security sweeps on our apps to ensure that their security has not been compromised. We also employ third parties to carry our security tests on our software. This is done at least once every 12 months. If you would like to conduct a security audit then please contact our Enterprise team.

Do you offer Single Sign On (SSO) or password complexity settings?

VEED’s default method of login is to use a ‘magic link’ or a third party login such as Google’s sign in button. We also offer SSO options for Enterprise plan users (please contact the Enterprise team to learn more).