All Collections
Frequently Asked Questions
How is Data Security & Privacy managed at Viima?
How is Data Security & Privacy managed at Viima?

Application level, physical and server-level data security at Viima.

Updated over a week ago

This page contains a brief description of how data security is handled in Viima's application. For more detailed descriptions or questions related to information security, please contact our support:

In short, we have a detailed Information Security Management System (ISMS) in place, with a strong focus on continuous improvement. We follow the controls of the ISO27001 framework, and have ISAE3000 (International version of SOC2) audits done by trusted external parties (most recently a Big Four company). We also have a strong focus on data privacy, and are fully GDPR compliant.

Application level security

As Viima provides a web-based application, all the security-related issues have been taken into consideration in the backend (server side). The backend has been developed with the Django framework that provides XSS protection, CSRF protection, SQL injection protection, clickjacking protection, HTTPS support, host header validation, and session security amongst others. These are implemented at the security layer 0 depicted in the diagram below. Further information about these topics can be found from:

The application is developed so that Django acts only as a REST API providing JSON data to the front end. Thus the user restrictions have been implemented on their own layers (security layers 1-3 in the diagram below)

Data Security Pic1.jpg

Physical and server-level security

Viima hosts the service in cooperation with trusted, reputable, and well-known partners. By default, all data resides within the EU region. Our servers are hosted by Amazon Web Services (AWS) which is a cloud computing platform provided by

Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. [AWS security white paper]

The respective data security descriptions of AWS can be found from:

AWS security white paper:

AWS Risk and Compliance Overview:

AWS Certifications, Programs, Reports, and Attestations:

ISO 27001 Certification:

To further enhance security, all HTTP traffic is encrypted with SSL/TLS, and the customer data is also encrypted at rest. Viima follows the latest security measures on both occasions.

Did this answer your question?