Security at Vinterre
Security, privacy, and reliability are at the core of our DNA.
- Product Security
- Data Security
- Incident Management & Response
- Availability & Reliability
- Organizational Security
- Business Continuity
- Threat Management
- Report an Issue
Vinterre is in full support of the General Data Protection Regulation (GDPR). GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The regulation allows EU citizens to request all the information a company has saved on them, and to request that all personal information be removed from the company's systems and from those of any subprocessors who have handled their data. If you wish to request the information that Vinterre, and its subprocessors, have collected from you, please submit your request to firstname.lastname@example.org.
Vinterre is fully committed to the California Consumer Privacy Act (CCPA). The CCPA is a law that allows any California consumer to request all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. If you wish to request the information that Vinterre has collected from you, please submit your request to email@example.com.
We’re committed to building a product with a robust set of security features to keep you and your customers safe.
Vinterre audit logs capture all changes made to trust center content including topics, roadmap items, FAQs, and resources. The log tracks the type of change, the time it happened, the member who made the change, and when applicable, the version history of the change. This includes all comments and member activities such as invitations and joins.
SSO simplifies the management of passwords and identity, helping improve security by reducing the potential for stolen passwords among other attacks. Google, Facebook, and LinkedIn users have the ability to sign in to other applications such as Vinterre using their Google, Facebook, or LinkedIn accounts.
Your information from sign-in providers such as Facebook will never be transferred to a data broker or sold.
Data Encrypted At-Rest
Vinterre data is hosted by Amazon Web Services (AWS) in the United States. All data is encrypted at rest with AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume. You can find more detail about EBS encryption here.
Data Encrypted In-Transit
Vinterre uses HTTPS for all applications and SSL for all database connections to protect sensitive data transmitted to and from applications.
Your privacy is important to us. It is Vinterre's policy to respect your privacy regarding any information we may collect from you across our website. Vinterre only collects data that we need and only retains it for as long as necessary.
Vinterre does not share any personally identifying information publicly or with third parties, except when required by law.
Type of Collected Information
- Personal information. For example, your name, email address, telephone number, location, social media profile links, and other contact details when you create a Vinterre profile.
- Settings and Account Information. For example, preferences such as default language, time zone, communication preference, and other information you submit to Vinterre in the course of using our services.
- Third-Party Information. For example, access tokens and information related to third-party accounts such as Facebook, LinkedIn, and Google that you have connected to Vinterre.
- Your usage. We collect information about how you use Vinterre, such as the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; and the time, frequency, and duration of your activities. For example, we log when you're using and have last used Vinterre, and what profiles and products you view on Vinterre.
Processing Collected Information & Shared Information
- Provide, personalize, and improve Vinterre. We use the information we have to deliver Vinterre, including personalized features and content. The information is used to develop, test, and improve Vinterre, including by conducting surveys, research, and testing new features.
- Exposure. Vinterre's benefit is to help expose your organization to the global wine industry. The information you share is collected and available to certain Vinterre users based on the privacy settings defined for your Vinterre account. Public information can be seen by anyone, including individuals that do not have an account with Vinterre. Information restricted to Registered can be seen by registered members of Vinterre. Information restricted to Private can be seen by registered members of Vinterre whom you have invited and accepted as part of your organization's team.
- Communicate with you. We use the information we have to send you communications about our products and help you when you contact us.
Manage or Delete Information
We provide you with the ability to access, rectify, and erase your data. Learn more in our Vinterre Settings.
When you delete your account, we delete your profile, products, communications, and other information associated with your account. You will not be able to recover that information later. Information that others have shared with you is not part of your account and therefore will not be deleted.
Incident Management & Response
Data Breach Notification
In the event of unauthorized access to data, Vinterre will notify its customers and other affected parties about the breach within 24 hours, or as required by law, as well as take specific steps to remedy the situation to prevent future incidents.
Incident Response Plan (IRP)
Vinterre has an Incident Response Policy that outlines its Security Incident management process. The policy describes escalation procedures and communication plans in case of an incident. It ensures incidents are remediated as quickly as possible and keeps affected customers informed.
Availability & Reliability
Vinterre uses Sentry.io to monitor its systems to detect service-related issues. The Vinterre team is alerted 24x7 when the threshold criteria are exceeded.
Vinterre will provide documents upon request. Please submit your request to firstname.lastname@example.org.
Employee Security Training
Vinterre employees undergo monthly Security Awareness training.
Business Continuity Plan
Vinterre has automated data backups that run daily to protect against data loss.
Vinterre hosts its application at Amazon Web Services (AWS). The physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. For additional information visit the AWS Security page.
- FISMA - Moderate - Data Center
- ISO 27001 - Data Center
- PCI-DSS - Level 1 - Data Center
- SOC 2 Type II - Data Center
- Sarbanes-Oxley (SOX) - Data Center
- Environmental Safeguards - Data Center
Vinterre hosts its data and application at Amazon Web Services (AWS). AWS utilizes the following safeguards:
Fire Detection and Suppression
Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms, and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.
The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.
Climate and Temperature Control
Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Monitoring systems and data center personnel ensure temperature and humidity are at the appropriate levels.
Data center staff monitor electrical, mechanical, and life support systems and equipment so issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.
For additional information see the AWS Security page.
Vinterre takes the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.
We require that all researchers:
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing
- Perform research only within the scope set out below
- Use the identified communication channels to report vulnerability information to us
- Keep information about any vulnerabilities you’ve discovered confidential between yourself and Vinterre until we’ve had 90 days to resolve the issue.
If you follow these guidelines when reporting an issue to us, we commit to:
- Not pursue or support any legal action related to your research
- Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission)
- Recognize your contribution to our Security Researcher Hall of Fame, if you are the first to report the issue and we make a code or configuration change based on the issue
- Consider paying a cash reward if the vulnerability is determined to be of high impact and probability
The impact assessment is based on the attack’s potential for causing privacy violations, financial loss, and other user harm, as well as the user base reached.
The probability assessment takes into account the technical skillset needed to conduct the attack, the potential motivators of such an attack, and the likelihood of the vulnerability being discovered by an attacker.
If you believe you’ve found a security vulnerability in one of our products or platforms, please send it to us by emailing email@example.com.
Please include the following details with your report:
- Description of the location and potential impact of the vulnerability;
- A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us); and
- Your name/handle and a link for recognition in our Hall of Fame.
To learn more about the qualifying vulnerabilities that apply to our program, please read our full Vulnerability Disclosure Policy.
Dynamic Application Security Testing (DAST)
Vinterre uses ZAP to scan its web applications. ZAP crawls our applications and examines the responses from the application to identify security vulnerabilities. Vulnerability reports are reviewed for risk assessment and prioritized for remediation.
Static Application Security Testing (SAST)
Vinterre uses Snyk to scan its source code. Snyk detects security vulnerabilities in our application code and open source packages. Vulnerability reports are reviewed for risk assessment and prioritized for remediation.
| Name | Purpose | Location |
| --- | --- | --- |
| Google | Authentication and authorization | USA |
| Datadog | Logging and monitoring | USA |
| GoDaddy | DNS and Hosting provider | USA |
| Google | Data service provider | USA |
| Vercel | Hosting service provider | USA |
| SendGrid | Email service provider | USA |
| Stripe | Payment processing | USA |
| Cloudinary | Document storage | USA |
Report an Issue
If you believe you've discovered a security-related issue, please contact us at firstname.lastname@example.org.