Last modified Jan 27, 2023.
No previous versions available
Below are a list of frequently asked questions, and information of the handling of data on V7 Darwin, and the information security measures in place throughout our platform.
Information Security Program
Third-Party Audits
Third-Party Penetration Testing
Roles and Responsibilities
Security Awareness Training
Confidentiality
Background Checks
Cloud Infrastructure Security
Data Hosting Security
Encryption at Rest
Encryption in Transit
Vulnerability Scanning
Logging and Monitoring
Business Continuity and Disaster Recovery
Incident Response
Permissions and Authentication
Least Privilege Access Control
Quarterly Access Reviews
Password Requirements
Password Managers
Annual Risk Assessments
Vendor Risk Management
Contact Us
If you have any questions, comments or concerns or if you wish to report a potential security issue, please contact security@v7labs.com.
Yes. Our platform adheres to GDPR requirements. V7 stores any of your data which reaches us in AWS S3 servers located in Ireland (EU) and will not move data for storage outside of the EU.
We collect cookies and analytics to ensure we know what features are preferred by our users. To learn about what cookies are involved in the usage of V7's marketing website (https://v7labs.com) and V7 Darwin, please visit the Data Privacy Statement.
By agreeing with the Terms of Service, you agree that you will not be sharing third party personally identifiable information with V7 Ltd unless an appropriate GDPR Data Sharing Agreement is in place.
V7 follows HIPAA guidelines to protect access to data which may be of medical nature on our platform. The following measures are in place to adhere to HIPAA standards.
Stated in Clause 5 (‘Intellectual Property Rights and Use of Customer Data.’) of our Terms of Service (https://www.v7labs.com/terms):
5.1 Intellectual Property Rights. Except as expressly set forth in this Agreement, this Agreement does not grant either party any rights, implied or otherwise, to the other party's content or any of the other party's intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data, and V7 owns all Intellectual Property Rights in the Services and Platform.
5.2 Use of Customer Data. V7 will not access or use Customer Data, except as necessary to provide the Services and TSS to Customer.
5.3 Customer Feedback. If Customer provides V7 Feedback about the Services, then V7 may use that information without obligation to Customer. Customer (you, the reader) does not transfer ownership of any data loaded into our platform, nor does V7 have the right to access it if not to deliver the platform’s services as requested by the user.
----------
V7 does not mix, grant access to, or reveal any customer data to third parties unless explicitly instructed to by the customer in writing.
Users on V7 Darwin are divided among Team Owners, Admins, Users, Workforce Managers, and Workers. Privileges across these user classes allows you to restrict read and write access to datasets across your Team. Please refer to documentation on User Classes or the adjacent tooltips within the Members tab of your team settings to learn about these permissions.
Within each dataset setting there is an option to share a dataset and its export versions with the public. This feature contains a warning popup prior to being switched on when selected. Only Admins, Team Owners, and Users (if users are also the dataset creator) can access this setting. This option is OFF by default for all datasets. Ensure that the dataset sharing option is set to OFF if you would like to restrict public access to it. Datasets with sharing set to ON are visibly marked as "OPEN" on their dataset card.
Certain pricing tiers within V7 Darwin have access to direct AWS S3 integrations. This setup ensures that image or video data belonging to your business is never stored on V7's servers. Please enquire with our team regarding this option if it is a necessity for your business.
Image data within datasets, classes, or datasets themselves can be deleted from the graphical user interface or API. Image and video data is archived prior to being deleted to ensure it can be recovered in case of a mistaken decision.
Worker users are granted access to datasets via the Settings tab within each dataset. Once they receive access, they are able to:
Workers cannot view images that are not assigned to them, nor can they browse datasets in the same way Users and Admins can. Workers are also restricted from viewing team member settings, billing, and the performance statistics of other users.
V7 stores any of your data which reaches us in AWS S3 servers located in Ireland (EU) and will not move data for storage outside of the EU.
V7 performs quarterly vulnerability tests through Snyk.
V7 performs threat detection and continuous monitoring through Guard Duty.
Single sign on services are available as part of our enterprise tier. Please enquire with our team regarding including SSO into your account.
Access monitoring summaries and alerts are available as part of our enterprise tier. Please enquire with our team regarding access notification and email summaries on information security.
The following third party services are involved as Subprocessors in the operational aspects of our software:
Name | Purpose (Used For) | Subprocessor Privacy Policy |
---|---|---|
24/7 | Monitoring Tool to monitor end user experience | https://www.site24x7.com/gdpr.html |
Appsignal | Used for monitoring server load, specifically capturing error reports that might contain customer details. | https://docs.appsignal.com/appsignal/gdpr.html https://appsignal.com/v7/admin/data_processing_agreement |
AWS | Main application hosting platform. Customer PII stored in RDS databases and S3 buckets. | https://aws.amazon.com/compliance/gdpr-center/ |
Amplitude | Used to provide product analytics | https://amplitude.com/terms/dpa |
Chartmogul | Used to track company financial metrics and performance | https://chartmogul.com/blog/gdpr/ |
Chillipiper | Used to schedule meetings with inbound customer leads | https://www.chilipiper.com/security |
Clickup | Projec management tool to track marketing initiatives | https://clickup.com/dpa |
Emailable | Email verification tool | https://emailable.com/privacy-policy/ |
FullStory | A support tool that captures end user interaction with the Darwin web application | https://www.fullstory.com/resources/gdpr-and-fullstory/ |
Gong | Used to record customer interactions | https://www.gong.io/data-processing-addendum/ |
Google Analytics | Used to monitor page views. | https://support.google.com/analytics/answer/3379636?hl=en |
Google Cloud | Data may be processed using Google Cloud services | https://cloud.google.com/terms/cloud-privacy-notice |
Google Workspace | Our corporate productivity tool. Email, Calendar, Shared documents etc. | https://support.google.com/a/answer/10209882 |
Heap Analytics | Product analytics tool tracking user user events and conversion | https://heap.io/blog/heaps-commitment-to-gdpr-and-data-privacy |
Hubspot | Customer Relationship Management | https://legal.hubspot.com/dpa |
Intercom | Customer Support software and live chat | https://www.intercom.com/legal/data-processing-agreement |
Jotform | Used to record quote request submissions from Customers. We will be transitioning to Work Forms (A feature of Monday.com). | https://www.jotform.com/answers/2000990-data-processor-addendum-dpa |
LeadIQ | Sales prospecting platform | https://leadiq.com/legal/data-processing-agreement |
Linear | Bug reports from customers might be entered in linear and might include end user details | https://linear.app/dpa |
Loom | A browser recording tool | https://www.loom.com/dpa |
Lusha | Contact enrichment tool for prospecting | https://www.lusha.com/legal/customer-data-processing-addendum/ |
Mailchimp | Used to automate email campaigns | https://mailchimp.com/en-gb/legal/data-processing-addendum/ |
---|---|---|
Mandrill | Mailer used to send one-to-one transactional emails triggered by user actions (A Mailchimp feature, used to send user invitations, usage updates, and team-create emails) | https://mailchimp.com/en-gb/legal/data-processing-addendum/ |
Microsoft Azure | Data may be processed using Microsoft Azure services. | https://docs.microsoft.com/en-us/compliance/regulatory/gdpr |
Monday.com | Project management platform to track labelling services delivery | https://monday.com/l/privacy/dpa/ |
Notion | Documentation of Company | https://www.notion.so/Data-Processing-Addendum-361b540101274b1fa7e16b90402b0d99 |
Pandadoc | E-signature software for signing contracts | https://www.pandadoc.com/app/uploads/PandaDoc-DPA-for-Customers-v22.2-Pre-Signed-Public-Facing.pdf |
Pitch | Used to make slide decks and presentations | https://pitch.com/data-processing-agreement |
Planhat | Customer Relationship Management | https://www.planhat.com/dpa/ |
SalesQL | Prospect enriching tool | https://salesql.com/legal/gdpr-compliance |
Savvycal | Scheduling tool for demo requests submitted to V7 and arranging sales conversations | https://savvycal.com/privacy/ |
Sentry.io | Aggregates error messages from the Darwin application which might contain customer details | https://sentry.io/security/ |
Slack | On an adhoc basis employees might share customer details via slack, e.g. to schedule meetings | https://slack.com/intl/en-gb/trust/compliance/gdpr?geocode=en-gb |
Stripe | Used to process card payments and subscriptions | https://stripe.com/gb/legal/dpa |
Typeform | Used to build and conduct online surveys | https://admin.typeform.com/to/dwk6gt?typeform-source=www.typeform.com |
Zapier | Middleware tool to connect and process data between internal tools at V7 | https://zapier.com/help/account/data-management/zapiers-data-processing-addendum |
Please enquire with our team on any regional requirements for data security. Our team is happy to provide references of customers from within your region (if available) and explain if and how we comply with your data security standards.