Data Encryption
Vosaic transmits all of your data, including video, markups, annotations, and analytics between our upload channels (i.e. mobile application and website) and servers via secure, encrypted connection. We require all traffic to go through TLS (also called SSL), which uses 128 bit, SHA256 security in accordance with industry standards. Vosaic will not send any data over unencrypted connection.
In addition, when stored, your data is encrypted using one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256).
Modern Infrastructure
Vosaic uses a cloud-based architecture for secure, redundant storage of all data (including backup copies). The cloud-based architecture is designed and managed in alignment with security best practices and a variety of IT security standards, including: SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC2, SOC3, FISMA, DIACAP, and FedRAMP, PCI DSS Level 1 and ISO 9001 / ISO 27001. For a description or copy of SSAE16 audit credentials report, please see http://aws.amazon.com/compliance/soc-faqs/. In the event of a disaster the data can be recovered from redundantly stored backups.
For more information about Amazon’s security and business see http://aws.amazon.com/security.
To learn more about Amazon’s standards compliance, see: http://aws.amazon.com/compliance
Data Ownership
You own all data that you upload to Vosaic. We provide easy-to-use tools to help you manage your data, and if you decide to stop using Vosaic, we make it easy for you to take your data with you.
Identity Verification
The only way to create a Vosaic account is via an email invitation generated by our platform. Using email as a unique identifier is a best practice and an industry standard for authentication, and ensures no account is shared by anyone else on our system.
Strong Passwords
We require strong passwords that must include uppercase, lowercase, alphanumeric, and special characters. We don’t store your password in plaintext form. Instead we store a hashed and salted password that is impossible to reverse engineer.
Access Roles and Groups
As an administrator of your Vosaic account, you can control access and permissions for other users.
- Viewers can watch and markup videos.
- Learners can upload, markup, and watch videos.
- Educators can upload, markup, and watch videos.
By default, only the uploader has access to a video. The uploader must update the video’s access and permissions to allow other to watch or markup the video.
Video Privacy
All videos on Vosaic.com are private by default, viewable only by the person uploading videos and the designated administrator of the account. These persons also administer the sharing options for each video. For additional information on our privacy practices, please see our Privacy Policy.
Payment Processing and PCI Compliance
Vosaic uses a third-party service provider, Paymentspring, to process payments. Visit Paymentspring’s website for PCI compliance overview: https://paymentspring.com/support/#our-compliance-level
FERPA, COPPA, and HIPAA Compliance
The U.S. Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), and Children’s Online Privacy Protection Act (COPPA) are designed to protect student identity, academic information and health information from unauthorized disclosure to third parties. For Vosaic’s purposes, health information could include conversations among healthcare providers about a patient’s care as part of a recording in the Vosaic system. Vosaic complies with all applicable provisions as follows:
All videos or other uploaded documents are private in the system, viewable only by authorized users and IT administrators. Such permissions must be explicitly granted by authorized users and IT administrators within Vosaic.
Authorized IT administrators staff may access the account information solely for the purpose of providing service and support to the users. Such access is limited to authorized service and support staff only. Consent for this limited use of their account information is granted by each student user upon signup with required acceptance of the User Terms.
Users (teachers, administrators, etc.) who post videos that include children under 13, such as classroom observations, are required by our User Terms to obtain parent/guardian permission prior to posting.
Parents may request removal of any video of their child by directly contacting Vosaic.
Children under 13 years of age are expressly prohibited by our User Terms from creating their own account.
Please visit our User Terms and Privacy Policy for more information. If you have additional questions regarding Vosaic security or privacy, please contact us at https://vosaic.com/contact-us at any time.
Accessibility
Vosaic.com is compatible with native accessibility tools in Windows and Mac operating systems.
Vosaic.com is also designed to comply with the Web Content Accessibility Guidelines (WCAG) version 2.0, levels A and AA, and be compatible with the enhanced functions included in modern web browsers. Please see our Accessibility Statement for more information.
For details related to our Section 508 compliance, please see our Voluntary Product Assessment Template (VPAT). For more about WCAG 2.0 compliance, see: Web Content Accessibility Guidelines (WCAG) 2.0