Security at Prevu3D
How our multifaceted approach to security keeps your data safe
Prevu3D is committed to the protection of our customers’ data.
We maintain that commitment by ensuring that all the data we store with our systems is secure, private, and available.
We do this by maintaining our practices with the industry’s most rigorous enterprise-grade certifications in security, privacy, and availability. These certifications highlight our transparency and commitment to providing the highest level of service possible for clients.
Compliance and audits
Prevu3D is SOC 2 Type 2 certified. The audit was performed by Prescient Assurance.
Prevu3D is recognized as a Cybersecure Canada compliant organization by Innovation, Science and Economic Development Canada. The audit was performed by CyberSecurity Canada.
Prevu3D’s Cloud Platform is tested for security vulnerabilities by an independent third party at least annually.
Cloud Security
Prevu3D’s AWS environment follows the security recommendations established by the AWS Well-Architected Framework. Accounts isolate different workloads and environments, activity is logged and monitored across the organization and every asset is given minimum access to network and API resources. Prevu3D uses AWS Security Hub, AWS GuardDuty, AWS Inspector and AWS Config to monitor the security of its infrastructure. Production workloads typically use serverless functions or containers to minimize the risks associated with unmanaged AWS EC2 instances.
Data Encryption
Prevu3D always encrypts data at rest and in transit. Data is transferred using TLS 1.2 or TLS 1.3 with AES-GCM or ChaCha20 ciphers. To encrypt data at rest, Prevu3D leverages tools like AWS KMS, BitLocker and LUKS2 to ensure that drives and cloud storage services keep your data encrypted at all times. Keys are stored in specialized hardware (TPM, HSM, …) to protect against access by a malicious actor.
Access Control
At Prevu3D, the principle of least privilege is strictly applied to networks, applications and infrastructure. Workstations are isolated from each other and no inbound connections are accepted. This is possible thanks to the use of Zero Trust Network Access (ZTNA) services. Prevu3D’s ZTNA strategy also allows for control of access based on strong identity, device security posture and network location. Multi-factor authentication is enforced for every employee, using either time-based OTP or WebAuthn with YubiKey. Prevu3D conducts access reviews quarterly.
Vulnerability Disclosure
Prevu3D provides a legal safe harbor to good-faith security researchers. To report security issues, you can reach us at [email protected] or contact us using our VDP form on Federacy. Prevu3D always responds to bug reports within 24 hours.
PGP public key details:
User-ID: Prevu3D Security <[email protected]>
Created: 2022-09-02 1:39 PM
Expires: 2024-09-02 12:00 PM
Type: 255-bit EdDSA (secret key available)
Usage: Signing, Encryption, Certifying User-IDs
Fingerprint: 38EF5D3144E08458BA0B4A38E5B5C4420715BDD8