Our Commitment: Your data security is foundational to everything we build. Viva is powered by enterprise-grade cloud infrastructure with encryption, isolation, and responsible AI practices built in from day one.
Infrastructure Security
Viva runs entirely on Cloudflare's global infrastructure, providing enterprise-grade security without the enterprise price tag.
- Encryption in Transit: All data transmitted using TLS 1.3, the latest encryption standard
- Encryption at Rest: Data stored with AES-256 encryption
- DDoS Protection: Enterprise-grade protection against distributed denial-of-service attacks
- Web Application Firewall: Automatic protection against common web vulnerabilities (OWASP Top 10)
- Global Edge Network: Data served from 300+ locations worldwide for performance and redundancy
AI & Data Handling
We use leading AI providers (Anthropic and OpenAI) under business API terms that protect your data.
Your conversations are NOT used to train AI models. We use business API tiers that explicitly exclude customer data from model training.
- No Model Training: Your business data and customer conversations are never used to train AI models
- Processing Only: AI providers process data solely to generate responses, then discard it
- Business API Terms: We operate under Anthropic and OpenAI's business/enterprise API agreements
- Data Minimization: We send only the context necessary to generate helpful responses
Data Isolation & Access
Your data is yours. We implement strict isolation between businesses and limit internal access.
- Multi-Tenant Isolation: Your data is logically separated—other businesses cannot access your information
- Role-Based Access: Only your authorized team members can access your customer data
- Limited Internal Access: Viva employees cannot access your data without explicit permission for support purposes
- Data Ownership: You own your data completely. Export or delete anytime
- No Data Selling: We never sell your data or your customers' data to third parties
What We Don't Store
Viva is a communication and engagement platform, not a policy administration system.
- No Payment Card Data: We don't store credit card numbers—payments are processed by secure third-party providers
- No SSN/Tax IDs: We don't collect or store Social Security numbers or tax identification numbers
- No Policy Details: For insurance clients, we handle customer communication—not policy data or claims
- No Health Records: We don't store protected health information (PHI)
Compliance & Privacy
We build privacy into our platform and comply with applicable data protection regulations.
- CCPA/CPRA: California residents can request access, deletion, and opt-out of data sales
- State Privacy Laws: We support privacy rights under Colorado, Connecticut, Utah, and Virginia laws
- GDPR Ready: Data handling practices aligned with EU data protection requirements
- TCPA Compliance: SMS and calling features include consent management and opt-out handling
For details on data collection and your rights, see our Privacy Policy.
Security Questions?
If you have questions about our security practices or need additional information for your compliance requirements, we're here to help.
We respond to security inquiries within 24 hours