Visage

Security Measures

Last updated: November 13, 2025

Visage has implemented and maintains appropriate technical and organizational security measures for the processing of data. These measures include, but are not limited to:

Risk Management

Visage believes in proactive risk management of data protection threats. Visage conducts a thorough, periodic information security risk assessment (Risk Assessment) of our products' networks, systems, and applications to document threats and vulnerabilities to stored and transmitted information.

Storage

Sensitive Data is only stored in a secure, dedicated cloud environment behind a firewall and other network security controls. Storage systems are encrypted at rest using industry-standard algorithms such as AES-256, with encryption keys managed in centralized key management systems and rotated on a regular basis.

Disposal

The following methods are utilized for both hard copy and electronic data:

  • Purging and deleting data from all system components using secure wipe programs in accordance with industry-accepted standards for secure deletion (i.e., degaussing or equivalent secure erase)
  • Destroying (cross-shredding) any cardholder data that is in a hardcopy format
  • For electronic media stored on system components that are no longer in use, data is disposed of through disintegration, shredding (disk grinding device), incineration by a licensed incinerator, or pulverization

Information Security

Visage maintains reasonable technical, organizational, and physical security measures to protect the security and confidentiality of Sensitive & Confidential Data from unauthorized access or unlawful disclosure.

Critical security controls include, but are not limited to:

  • Encryption in transit: Sensitive & Confidential Data transfers must be sent via a secure transfer system, such as HTTPS using TLS 1.2 or higher, or SFTP
  • Encryption at rest: All Visage servers, workstations, and laptops use disk encryption based on strong algorithms such as AES-256
  • Database security: Databases are encrypted at rest using AES-256, with sensitive data additionally encrypted at the application layer
  • Data segregation: Sensitive Data remains in secure environments with logical segregation between customer environments
  • Production and test environments: All production data is sanitized before use in non-production environments
  • Incident management: Maintain a process for identifying, managing, and resolving privacy incidents in accordance with the Visage Incident Response Policy

Access Control

Access is limited to that which is required for the performance of job duties for individual users, following the principle of "Just Enough Access."

  • Role-Based Access Control (RBAC): Access permissions based on data classification and personnel roles
  • User onboarding: Unique user IDs assigned with initial data access permissions
  • Access policies: Strong authentication requirements and additional protections for privileged access
  • User off-boarding: Prompt revocation of access for departing employees and contractors
  • Regular reviews: User access rights reviewed at least annually to identify and terminate unnecessary access

Training and Awareness

Information Security Training

Visage conducts annual Information Security Training as required per our Information Security Policy. This training includes coverage of data protection and privacy requirements related to Sensitive & Confidential Data, including requirements about collection, handling, use, disclosure, and safeguarding.

Developer/Engineer Training

Visage provides training on secure coding practices to its developers. The training covers all content included in the most recent OWASP Top Ten, providing technical concepts and recommendations to address them.

We use cookies to enhance your browsing experience, analyze site traffic, and personalize content. By clicking "Accept", you consent to our use of cookies. Read our Privacy Policy and Cookie Policy to learn more.