Vosaic transmits all of your data, including video, markups, annotations, and analytics, between our upload channels (i.e. mobile application and website) and servers via a secure, encrypted connection. We require all traffic to go through TLS (also called SSL), which uses 128-bit, SHA-256 security in accordance with industry standards. Vosaic will not send any data over an unencrypted connection.
In addition, when stored, your data is encrypted using one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256).
Vosaic uses a cloud-based architecture for secure, redundant storage of all data (including backup copies). The cloud-based architecture is designed and managed in alignment with security best practices and a variety of IT security standards, including SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC 2, SOC 3, FISMA, DIACAP, FedRAMP, PCI DSS Level 1, and ISO 9001 / ISO 27001. For a description or a copy of the SSAE 16 audit credentials report, please see http://aws.amazon.com/compliance/soc-faqs/. In the event of a disaster, the data can be recovered from redundantly stored backups.
For more information about Amazon’s security and business see http://aws.amazon.com/security.
To learn more about Amazon’s standards compliance, see: http://aws.amazon.com/compliance
You own all data that you upload to Vosaic. We provide easy-to-use tools to help you manage your data, and if you decide to stop using Vosaic, we make it easy for you to take your data with you.
The only way to create a Vosaic account is via an email invitation generated by our platform. Using email as a unique identifier is a best practice and an industry standard for authentication, and ensures no account is shared by anyone else on our system.
We require strong passwords that must include uppercase, lowercase, alphanumeric, and special characters. We don’t store your password in plaintext form. Instead, we store a hashed and salted password that is impossible to reverse engineer.
Access Roles and Groups
As an administrator of your Vosaic account, you can control access and permissions for other users.
- Viewers can watch and mark up videos.
- Learners can upload, mark up, and watch videos.
- Educators can upload, mark up, and watch videos.
By default, only the uploader has access to a video. The uploader must update the video’s access and permissions to allow others to watch or mark up the video.
Payment Processing and PCI Compliance
Vosaic uses a third-party service provider, Paymentspring, to process payments. Visit Paymentspring’s website for a PCI compliance overview: https://paymentspring.com/support/#our-compliance-level
FERPA, COPPA, and HIPAA Compliance
The U.S. Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), and Children’s Online Privacy Protection Act (COPPA) are designed to protect student identity, academic information and health information from unauthorized disclosure to third parties. For Vosaic’s purposes, health information could include conversations among healthcare providers about a patient’s care as part of a recording in the Vosaic system. Vosaic complies with all applicable provisions as follows:
- All videos or other uploaded documents are private in the system, viewable only by authorized users and IT administrators. Such permissions must be explicitly granted by authorized users and IT administrators within Vosaic.
- Authorized IT administrator staff may access the account information solely for the purpose of providing service and support to the users. Such access is limited to authorized service and support staff only. Consent for this limited use of their account information is granted by each student user upon signup with required acceptance of the User Terms.
- Users (teachers, administrators, etc.) who post videos that include children under 13, such as classroom observations, are required by our User Terms to obtain parent/guardian permission prior to posting.
- Parents may request removal of any video of their child by directly contacting Vosaic.
- Children under 13 years of age are expressly prohibited by our User Terms from creating their own account.
Vosaic.com is compliant with the European Union’s General Data Protection Regulation (GDPR) requirements for security and consent related to user data and content, including the right to be deleted.
Vosaic.com is compatible with native accessibility tools in Windows and Mac operating systems.
Vosaic.com is also designed to comply with the Web Content Accessibility Guidelines (WCAG) version 2.0, levels A and AA, and be compatible with the enhanced functions included in modern web browsers. Please see our Accessibility Statement for more information.
For details related to our Section 508 compliance, please see our Voluntary Product Assessment Template (VPAT). For more about WCAG 2.0 compliance, see: Web Content Accessibility Guidelines (WCAG) 2.0