Canvas takes data security seriously. We are committed to safeguarding your privacy and ensuring that you can access our platform without worrying about the security of your personal information. We partner with two companies that handle your Personally Identifiable Information (PII). These are:
VIX VERIFY INTERNATIONAL PTY LTD (ABN 165 074 395), is a private identity verification services provider and a gateway service provider for the Commonwealth Document Verification Service. Vixverify or GreenID is the 3rd party ID verification service Canvas utilises, as we do not hold client identification details (such as Medicare / Drivers License / Passport etc) on our Canvas server. GreenID data security measures includes the below excerpts from their website:
Formstack Forms (Formstack, LLC) is a private workplace productivity solution tool that Canvas utilises to capture data for client operations. The data privacy and security for Formstack can be found on their website:
Campaign Monitor is an email marketing software that Canvas utilises to send out messages and emails for client operations. The data privacy and security for Campaign Monitor includes the below excerpts from their website:
All personal information held by Vixverify is protected from unauthorised access through the use of secure passwords and user logons and other forms of biometric verification.
Vixverify stores all personal information that it collects securely in a manner that is sufficient to prevent misuse and loss, unauthorised access, modification or disclosure of personal information. Vixverify maintains a high level of data security by implementing:
Formstack uses AWS in the United States as its external security hosting provider. AWS meets System and Organization (SOC) standards verified by independent third-party examination reports demonstrating how the provider achieves key compliance controls and objectives. Please see the following website for further details on AWS compliance:
All submission data to Formstack is disk encrypted under AES-256 and data in transit is protected by TLS >=1.2 to provide end-to-end communication security.
Campaign Monitor stores data in a US-based data centre and it uses multiple data processing locations including USA, Australia and Germany. Campaign Monitor also uses CloudFront at strategic AWS edge and regional locations as an external content delivery network for faster content caching. More on Amazon’s CloudFront can be found here:
Physical controls are also implemented to prevent unauthorised access to, or disclosure of, customer data. The data centres are monitored 24×7 for all aspects of operational security and performance. They are also equipped with state-of-the-art security such as biometrics, sensors for intrusion detection, keycards, and around-the-clock interior and exterior surveillance.
The application of Campaign Monitor has been designed with focus on security by leveraging OWASP-aligned security principles for software engineering, encryption technologies and security assurance.
Users can contact Vixverify to address any concerns that they have about their personal information.
To comply with privacy practices globally, Formstack is committed to continued Forms compliance with GDPR, PIPEDA, and other privacy regulations and laws: