Security at Vialode
Protecting your trade data is our top priority. Here is how we do it.
Infrastructure
- Hosted on enterprise-grade global cloud infrastructure
- Private network architecture with no direct database exposure
- AES-256 encryption for all data at rest
- TLS 1.2+ encryption for all data in transit
Data handling
- Documents processed and stored in your private workspace only
- 90-day document retention by default, configurable per organization
- Full data deletion on request within 30 days
- Customer Data is never used for AI model training without explicit written consent
Authentication & access
- API key authentication with keys stored using industry-standard hashing
- Granular access controls per module
- Rate limiting on authentication endpoints to prevent brute-force attacks
- Session management with secure, HTTP-only cookies
Data isolation
- Logical tenant isolation at the application and database layers
- All queries are scoped to your organization via enforced policies
- Cross-tenant access is blocked at every layer
- Separate storage namespaces per organization
AI processing
- Document content is transmitted to AI providers over encrypted connections
- Only document content is shared — account information is never sent to AI providers
- AI provider data processing agreements are in place
- Outputs are validated and sanitized before being returned
Compliance & standards
- Designed in accordance with PDPA 2010 (Malaysia) and GDPR data protection principles
- Data Processing Agreement (DPA) available on request for enterprise customers
- Security practices are reviewed and updated regularly
- Responsible disclosure program for security researchers
Responsible disclosure
Found a security issue? Email [email protected]. We respond within 48 hours.
Security practices described on this page reflect our current implementation and commitments as of April 2026. We continuously improve our security posture. For the most current information, contact [email protected].