Protecting data privacy and security is a top priority for Immersive.
Immersive, operates the services offered on immersive.inc (the "Immersive Website"), including the platform (the "Immersive Platform"), and any associated mobile applications (the "Immersive Apps") or products and services that Company may provide now or in the future (collectively, the "Service").
Encryption at Rest and In Transit
Access to the Immersive Service occurs via encrypted connections
(HTTP over TLS, also known as HTTPS) which encrypt all data before it leaves the Immersive Services servers and protects that data as it transits over the internet. All of our Services are in Amazon Web Services (AWS) and served from either Cloudfront or Elastic Load Balancer (ELB). We use HTTP Strict Transport Security to ensure that pages are loaded over HTTPS connections and our TLS configuration receives an A+ from Qualys SSL Labs.
The Immersive Services use AWS, to host the infrastructure. AWS undergoes strict ongoing security assessments from external audit firms to ensure compliance with security standards including ISO 27001, SOC 2, PCI DSS Level 1, and FISMA. See https://aws.amazon.com/compliance/programs/ for more details.
Network access to the Immersive Services infrastructure is highly restricted. AWS hosted infrastructure resides in a dedicated Virtual Private Cloud (VPC) which is designed to ensure that only authorized traffic over approved ports is allowed. We use ThreatStack to monitor for suspicious activity.
