Security & Trust

Enterprise-grade security.
Built for trust.

Bank-level encryption, rigorous access controls, continuous monitoring, and transparent processes. Your data security is our foundation.

Last reviewed: 21 Oct 2025

Overview

Ventira encrypts all data in transit and at rest, enforces strict role-based access controls, and continuously monitors for security threats. Payment card data is never stored on our servers — all transactions are processed through PCI DSS Level 1 certified payment providers.

Encryption

TLS 1.2+ in transit, AES-256 encryption at rest for all data.

Access Control

Role-based access, MFA for admin, full audit logging.

Compliance

GDPR & UK GDPR compliant, SOC 2 Type II controls.

Backups

Automated encrypted backups, tested recovery procedures.

Monitoring

Real-time threat detection, 24/7 uptime monitoring.

Data Protection & Privacy

Data Controller: VIARGAMING LTD (Company No. 15847699), United Kingdom
Registered Office: 43 Victoria Rd, Northampton, NN1 5ED, UK
Data Regions: UK & EU/EEA; Standard Contractual Clauses (SCCs) + UK IDTA for international transfers

Encryption

  • TLS 1.2+ in Transit

    All data is encrypted in transit using TLS 1.2 or higher. HTTP Strict Transport Security (HSTS) is enforced on all public endpoints to prevent downgrade attacks.

  • AES-256 Encryption at Rest

    All stored data — including databases, uploaded files (PDFs, logos), and backups — is encrypted at rest using industry-standard AES-256 encryption.

  • Key Management & Rotation

    Encryption keys are managed using secure cloud key management services with automatic rotation policies. Access to cryptographic keys is strictly controlled and audited.

Access Control

  • Role-Based Access & Least Privilege

    Access to systems and data is strictly role-based. All admin and privileged accounts require multi-factor authentication (MFA). Employees are granted only the minimum access necessary for their job function.

  • Comprehensive Audit Logging

    All access to production systems is logged with tamper-proof audit trails. Production access is time-bounded, ticketed, and requires explicit approval. Logs are retained and regularly reviewed for anomalies.

  • Customer Data Protection

    Support team access to customer data is strictly limited to legitimate support requests. All customer data access is logged, monitored, and subject to periodic review to ensure compliance with our security policies.

Application Security

  • Secure SDLC: code reviews, dependency scanning, build integrity checks.
  • Vulnerability management: regular scans/patching; severity-based SLAs.
  • Protections: rate limiting, abuse detection, CSRF protection on auth flows.

Infrastructure & Monitoring

  • Environment isolation for dev/staging/production.
  • Observability: logs, metrics, tracing; alerting on error rates and latency.
  • Backups: encrypted automatic backups with periodic restore tests.
  • Disaster recovery: documented runbooks; RTO/RPO targets below.

Availability Targets

Target uptime (monthly, core features): 99.9%
RTO (Recovery Time Objective): ≤ 4h
RPO (Recovery Point Objective): ≤ 15m

Live availability is published on the Status page.


Data Retention

Data | Retention
Account & company settings | For the lifetime of the account
Customer Content (invoices, clients) | Until deleted or account closure
Billing & token ledger | Per tax/accounting law (UK typically 6 years)
Backups | Time-limited, encrypted

Incident Response

We maintain 24/7 incident response capabilities for production systems. Critical incidents are triaged within 1 hour, and we proactively communicate with affected users via our Status page and email notifications.

Our Incident Response Process:

  1. Detect & Triage

    Automated monitoring detects anomalies. On-call engineers assess severity and impact within 15 minutes.

  2. Communicate

    Status page updated within 15 minutes for major incidents. Email notifications sent to affected users.

  3. Resolve & Update

    Hourly progress updates provided until full resolution. Service restoration prioritized over root cause analysis.

  4. Post-Incident Review

    Detailed post-mortem published within 5 business days for major events, including root cause, timeline, and remediation steps.

Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities from security researchers and the broader community. We are committed to working with researchers to verify, reproduce, and respond to legitimate reported vulnerabilities.

How to Report a Security Vulnerability

Please send a detailed report to info@ventira.co.uk including:

  • Steps to reproduce the vulnerability
  • Potential impact and severity assessment
  • Any supporting proof-of-concept code or screenshots
  • Your contact information for follow-up

Response timeline: We acknowledge all reports within 2 business days and provide regular updates throughout the remediation process. We aim to resolve critical vulnerabilities within 30 days.

Coordinated disclosure: Please allow us reasonable time to address the issue before any public disclosure. We commit to transparent communication and will coordinate disclosure timing with you.


Compliance & Legal

  • GDPR / UK GDPR principles observed (lawful basis, minimisation, rights).
  • Data Processing Addendum (DPA) available on request.
  • Subprocessors list kept up-to-date.

Subprocessors (summary)

We use third-party providers for hosting, email, analytics, and payments. Each provider signs data protection terms and meets our security requirements.

Need help?

Questions about security, data protection, or privacy? Our team is here to help. We typically respond within one business day.

Security inquiries: info@ventira.co.uk
Data protection: info@ventira.co.uk