Always Keeping Data Secure

We understand that protecting your information is a big part of our job.

Always Working To Meet Compliance Standards

Our systems are always undergoing internal diagnostics to meet peak performance benchmarks. Regular penetration testing and audits are part of the industry certifications we maintain at all times. We are an industry leader that is at the forefront of best practices.

We’re Always Up and Running

We’ve built redundancies throughout our entire operations so that we can backup our contractual obligation to 99.9% uptime. Any variation in our system’s functions results in immediate notification to Velis staff.

Security Is Job One

Every  product we offer is security standard ISO 27001:2013 compliant, meaning we’ve internalized the highest benchmarks and best practices of our industry. Our methodology is always under review and being improved, with robust encryption routines incorporated at all times. Any data in our system is your data, not ours, and it is never handled in any way without your consent and never — under any circumstance —shared with third parties.

We’re Certified

As the old adage goes: trust, but verify. We backup our security pledges by meeting the highest standards in the industry. This includes ISO 27001:2013, GDPR Compliance, Amazon Web Services (AWS) Certification, and regular external penetration tests (pentests) based on OWASP recommendations.

AWS certification
OWASP certification
ISO certification

Want to see details about our security standards?

Check Our White Paper

Detailed Security Protocols

How we guarantee your safety in each area of operations.


Robust security is deeply embedded in our app design. All communications within it are encrypted via HTTP protocol, with in-app database encryption and privilege verification for all requests. Protecting data and empowering administrator control is the foundation of our system.

Ongoing Procedures

System logs are continuously monitored, with immediate appropriate approach of the Velis Support. We contract with an independent external company who carries out regular penetration tests using OWASP Top 10 detection methodology. Source code updates are proofed with automated tests to verify standards and detect bugs.


The system requires at least an 8 characters long password, that expire in 30 days, with variable case letters, at least one digit and one special character. Login attempts are capped at five before an account is locked and administrator action is required to unlock it. All passwords are encrypted with the Blowfish block cipher algorithm.


Velis has implemented the ISO 27001:2013 standard — an internationally recognized benchmark for information security management systems — since 2014. We have been in compliance with a wide range of individual security components that span hardware procurement, software development, web hosting services, network construction and maintenance, and other IT services. Both internal and external auditors function as part of our security infrastructure.

Data Protection

We backup all your data daily, which includes a full 3-day window to retrieve lost files (with an option for hourly backup and up to 60-day full recovery), using external servers with full encryption protocols to protect your data.

Any questions about our reliability and security protocols?


Where is data physically stored?

This depends on your selected hosting option. With standard hosting it is at Warsaw Atman (main server room) and OVH in France (backup). In the case of AWS (Amazon Web Services), the location is arranged based on a variety of factors (with Frankfurt being the default).

How secure is the data centre?

The data centre is ISO 27001 certified. It includes:
· Professional Power Supply — UPS system with a total power of 8580 kVA and five 26 MW independent medium voltage lines.

· Cooling — Air conditioners operating with N + 1 redundancy.

· Fire Detection System — Optical-temperature sensors and early smoke detection system, independent fire zones, and 120-minute fire resistance.

· Fire Extinguishing System — Gas extinguishing systems by Inergen and Argonite.

· Security — CCTV system inside and outside facility, access control based on proximity cards (with customised PIN, biometrics, and locks on request), burglary and panic attack system with automatic notification of external intervention group, and security personnel monitoring property 24/7.

How secure is the software where the guest data is stored?

The software uses security best practices, including:

· Data encryption — All data between your browser and the system is encrypted using the SSL standard.

· Privilege matrix — Use our ACL (access control list) module to assign and revoke privileges of users.

· OWASP Top 10 and ASVS (Application Security Verification Standard Project) standards.

· Internal and external security audits.

Who is the owner of the data in the system?

You remain the sole owner of all data stored in the system.

Is Velis authorized to use the data stored in the system?

No, we cannot use your data for any purpose not directly related to our contract (e.g. providing technical support).

Who administrates personal data?

You remain the sole administrator of all personal data stored in the system.

Can you export data stored in the system?

Yes, you can use built-in export options to extract data (e.g., into MS Excel format). You can ask us to develop additional exportable reports that match your needs.

What happens to data after the termination of the contract?

We will ask you what to do with the data. We can destroy it or export it to various formats, including storage on an external device (USB, hard drive, etc.).

Let's get in touch

Let's get in touch

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.