Security
Security overview
Besticoder operates the multi-tenant Vmoox software-as-a-service platform used globally at vmoox.com and app.vmoox.com. This page describes our general security approach and clarifies responsibilities between us and customers.
This information is provided for transparency only. It is not a warranty, service level commitment, or legal advice.
No security guarantee
While we work to protect the Service using commercially reasonable measures, NO ONLINE SERVICE CAN BE GUARANTEED TO BE COMPLETELY SECURE. Vmoox does not warrant uninterrupted security, error-free operation, or immunity from unauthorized access, data loss, malware, or third-party attacks.
You use the Service at your own risk and must implement appropriate controls within your organization commensurate with the sensitivity of your data and regulatory obligations.
Customer security responsibilities
YOU ARE SOLELY RESPONSIBLE for the security, confidentiality, integrity, availability, compliance, and backup of data and operations within your workspaces. This includes user provisioning and deprovisioning, role-based access control, strong authentication practices, secrets management, secure integration configuration, vendor review, employee training, incident response within your organization, and compliance with laws applicable to your industry and geography.
Vmoox is not responsible for incidents arising from weak passwords, shared credentials, excessive permissions, misconfigured automations, unpatched client devices, third-party breaches, or failure to maintain independent backups.
Platform measures we may employ
We may use industry-common safeguards such as transport encryption (TLS), encryption at rest where supported by our infrastructure, logical workspace separation, role-based permissions, logging, monitoring, vulnerability management processes, and access controls for Vmoox personnel on a need-to-know basis.
Specific controls may evolve over time and may vary by feature, plan, or deployment configuration. Descriptions on this page are high-level and non-exhaustive.
Workspace isolation and access control
Workspace data is logically separated within the platform architecture. Role-based permissions are intended to limit what workspace members can view or modify according to administrator configuration.
Effective isolation depends on correct administration by you. Misconfigured roles, shared admin accounts, or external sharing of exports can undermine isolation despite platform controls.
Integrations and third-party risk
Connections to third-party APIs and messaging platforms introduce additional risk surfaces outside Vmoox's direct control. Third parties may change security requirements, revoke tokens, leak credentials, or suffer outages and breaches.
You are responsible for evaluating integration risk, rotating credentials, limiting scopes, and monitoring third-party security advisories. Vmoox is not liable for security incidents originating in third-party systems.
Backups and data recovery
You are responsible for maintaining your own backup and recovery strategy for business-critical data, including exports and redundant copies stored outside the Service where appropriate.
Any internal platform backups or snapshots we maintain, if any, are for operational continuity and disaster recovery of the Service itself—not a substitute for customer-controlled backups. Vmoox disclaims liability for data loss to the maximum extent permitted by law.
Security incidents and notification
If we become aware of a security incident affecting the platform that materially compromises confidentiality of customer account data under our control, we will take reasonable steps to investigate, mitigate, and notify affected customers or controllers as required by applicable law and contracts.
You are responsible for notifying your users, regulators, and affected individuals where your role as controller requires notification for incidents within your organization or integrations you manage.
Responsible vulnerability disclosure
If you believe you have discovered a security vulnerability in the Service, contact support@vmoox.com with sufficient detail to reproduce the issue. Do not publicly disclose vulnerabilities until we have had a reasonable opportunity to investigate and remediate.
We do not authorize penetration testing against production systems without prior written approval. Unauthorized testing may violate law and these Terms.
Compliance and certifications
Unless expressly stated in a signed agreement, Vmoox does not represent that the Service complies with any specific regulatory framework for your use case, including HIPAA, PCI DSS scope for your environment, or sector-specific regimes.
You are responsible for determining whether the Service is appropriate for your compliance needs and for implementing complementary controls.
Security contact
Security inquiries and vulnerability reports: support@vmoox.com.
Please include affected URLs, timestamps, workspace identifiers (if applicable), and proof-of-concept information that allows safe reproduction.