Keeping your data safe

Every day, our users trust Vitrue with their data. This brings an important responsibility - and one that we take incredibly seriously.

Our software aims to reduce musculoskeletal pain for millions of people. But that's only possible if you understand what data we process, why we process it and how we keep it safe.

Vitrue VIDA is certified to government standards

The British Government set standards to make sure all organisations using personal data keep it safe and use it ethically. We make sure Vitrue meets these standards.

[Logos: Cyber Essentials Certified; GDPR]

How we use data

Data encryption
We encrypt all data, both when it is stored and when it is sent. That means the only people who can access it are you and anyone you authorise.
Strong identity controls
We make sure the people who use our systems are who they say they are.
Safe and secure partners
We sometimes work with other organisations, for example, to store data securely in the cloud. Only those who meet our high standards become our partners.
User input and insights
We’re passionate about listening to our users to shape decisions on new technologies and data use.
A culture of data security
All Vitrue staff complete security and information governance training when starting. We’re always monitoring our team’s understanding of data security to ensure best practice.
A mission-driven approach
Everything we do with data is to reduce musculoskeletal pain. All business decisions are guided by our mission.

Security FAQs

Yes. Data is classified into 4 key categories: Public data, Internal-only data, Confidential data and Restricted data. All data is treated as most restricted until and with least privilege principles applied. Identifiable, highly commercially sensitive or personal data are all treated as Confidential (meaning even internal access to the data requires authorization and clearance). Employees are informed how to classify and treat the data through internal documents and training. Accounts are restricted based on their level of access to the data categories.

Our data classification is GDPR compliant.

The data security team are responsible for frequent audits of user permissions across services used at Vitrue.

Customer data is stored in secure AWS RDS databases and processed on secure AWS servers in the U.K. by default.

Yes, as part of onboarding and in annual training.

Yes, we make our latest results available to all of our customers.

Yes. All development is carried out in development environments, entirely separate from production. There is a staging environment that all changes are merged to, where the majority of integration testing occurs prior to any release to production. No direct changes can be carried out in the production environment, and code review and testing take place before any merge to production to ensure potential vulnerabilities are assessed before any release.

Multi-tenant. Access to data is strictly controlled in the secure backend using the securely logged-in user's account. Only users associated with a given company AND given administrator status by the company may access any data associated with the company but not themselves. End users will only be given access to data associated with that user. Secure logins and encrypted backend communication are used to ensure this segregation.

All data is transferred over HTTPS (TLS 1.2, RSA encryption).

At Rest: Advanced Encryption Standard (AES) with 256-bit keys (AES-256)

Yes, we operate to GDPR standards.
