Security

Voxel is built from the ground up with security as a priority. We design our services for reliability, and all data consumed and generated by our system is held to the highest industry standards for information security.

Secure by design

Voxel utilizes the latest security standards and techniques to secure and protect your data

  • Full end-to-end encryption secured with TLS v1.2 & AES-256
  • Role-based access controls with the ability to set permissions at the location & camera level
  • Data captured, stored, or processed by Voxel is encrypted by default when in transit over public networks or at rest in the Voxel cloud
  • SOC 1 Type II certified and SOC 2 certification in progress (expected Q3 2022)
  • Safeguards to protect creation, storage, retrieval, and destruction of secrets such as encryption keys and account credentials

Hardened Cloud Infrastructure

Voxel’s cloud infrastructure is built on Amazon Web Services and Google Cloud Platform with certification for compliance with ISO 27001 and SOC 1 Type II.

Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network.

These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are established on each managed interface, which manages and enforces traffic flow. Administrative access to Voxel’s infrastructure is highly restricted and verified by public key. Distributed Denial of Service (DDoS) attacks are mitigated with elastic load balancing and highly available DNS services.

Voxel is built on a secure multi-tenant cloud architecture with logical data separation across distributed databases, with authentication checks for every application layer and data-layer access made to any tenant's data. Logical separation ensures that data is always associated with exactly one customer, and authentication checks at the application and data layers ensure that data is completely isolated by customer and accounts provisioned for that customer.

Read More

Penetration Testing

Voxel works with independent entities to conduct application, infrastructure, and hardware-level penetration tests at minimum once a year. Executive summaries of these activities can be shared by requesting them from your account manager.

Contact

Please report any security issues to security@voxelai.com with details about the vulnerability.