VWO’s enterprise-grade platform has been designed keeping in mind the high level of security expected by world-class businesses. With VWO, you can be rest assured that any data stored by us remains safe, confidential, and accessible. By ‘safe’ we mean that the data will be protected against any type of loss or corruption, ‘confidential’ means access to the data is granted only to authorized personnel, and by ‘accessible’ we ensure that the data is available to authorized users whenever required.
How VWO handles data
VWO allows customers to easily create variations of their websites, split the website traffic to the variations and calculate the statistics to identify a winning variation. The variations are configured by the user via the VWO web-app, and those configurations are hosted in the cloud on VWO’s Content Delivery Network (CDN) as static text files. VWO is hosted on its own private, dynamic CDN which uses Bare Metal Servers managed by IBM SoftLayer in their state-of-the-art data centers across the globe. The technical and security specifications of our CDN are detailed further in this article. The variation configurations can also be self-hosted on the customer’s server, if required, for added security.
What data VWO captures
When a user signs up for VWO services, we store their email ID, name, IP address, location, and company information as entered in the forms available on our website and inside the web-app. When a user opts to purchase a paid plan, we use globally reputed third-party payment processors like 2Checkout and FastSpring. We don’t store any credit card information ourselves. Any customer information stored with VWO is never shared with any third-party services.
VWO stores the following information for the visitors who visit the customer’s website which has VWO tests running:
- Total number of visitors becoming part of the test (counter).
- Total number of conversions for a goal (counter).
- Revenue – in case a revenue goal is defined by the customer. The value of the goal is defined by the customer and is not fetched from the customer’s database or system.
- User agent, anonymized IP address (with last octet deleted) and timestamp when Post Result Segmentation is turned on.
Where VWO saves data
- VWO is hosted on Bare Metal Servers managed by IBM SoftLayer, which is SSAE16 certified which store:
- All source-code (in a IBM SoftLayer data center located in Singapore).
- Configuration data on the CDN (in 13 IBM SoftLayer data centers in 8 countries).
- Database cluster (in a IBM SoftLayer data center in the US).
- VWO web-app (in a IBM SoftLayer data center in the US).
- All Production data is stored in IBM SoftLayer data center spread across different locations.
- We do not store any customer data locally.
- The variation configurations required to run the tests for visitors can also be self-hosted on the customer’s servers for added security control.
How VWO protects data
Physical access to the IBM SoftLayer data centers is restricted by IBM SoftLayer. No physical access is allowed to any of the employees of Wingify, the parent company of VWO.
VWO conducts regular vulnerability scans against its internal and production systems. We are protected against OWASP top 10 security threats. We welcome customers to conduct their own vulnerability scan if they like, as long as they contact us beforehand for permission.
VWO takes strict measures to ensure that any data stored with us is kept safe. VWO is trusted by large enterprises like AMD, Lenovo as well as financial institutions like Tinkoff Bank, Aussie, ICICI Bank for their conversion optimization requirements.