Rakuten Viber achieves SOC 2 Type II certification
At Rakuten Viber, security and privacy are core to our product design and philosophy. As we aim to provide a secure communication environment for users and brands, we are proud to announce that Rakuten Viber has received the SOC 2 Type II certification.
What is SOC 2 Type II?
SOC 2 is a rigorous audit framework commonly used for SaaS companies and developed by the American Institute of Certified Public Accountants (AICPA). SOC 2 is like a financial audit but for data security. Just as an accountant thoroughly reviews a company’s financial records to ensure they are accurate and comply with regulations, SOC 2 auditors thoroughly review a company’s data security practices to ensure they meet high standards.
Type II involves extended testing of security systems over a period of three months to a year. This thorough approach ensures the company consistently maintains high security standards, not just for a short time. It provides stronger proof that the company's data protection measures are reliable and trustworthy.
Rakuten Viber’s audit was conducted by one of the Big Four professional services firms and a true auditing expert. It confirms our high standards in security, availability, confidentiality, and privacy of customer data.
This certification proves that Rakuten Viber’s security practices meet some of the highest standards in the world.
“Obtaining SOC 2 Type II compliance is a significant milestone for Rakuten Viber and a testament to our unwavering commitment to ensuring the security and privacy of our users,” said Liad Shnell, VP Engineering and CISO. “This certification validates our proactive approach to information security and our dedication to maintaining the highest standards of data protection. We will continue to prioritize the confidentiality and integrity of the information entrusted to us and strive to provide a secure and reliable messaging platform for our global community.”
Rakuten Viber: private & secure — as a standard
SOC 2 compliance is an important benchmark, but it's not the only reason to trust us. In 2016, Rakuten Viber became one of the first major messaging apps to implement end-to-end encryption for all private chats and video calls, and we constantly work on improving our infrastructure to ensure security.
Key security and privacy measures:
- AWS cloud infrastructure (Amazon Web Services): Our servers use AWS, which supports many security standards and compliance certifications: PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171.
- Secure connections: Public servers connect to ours over HTTPS only, and communication with partner or customer servers is always SSL-encrypted.
- Legal compliance: We comply with PCI, GDPR, and applicable data protection laws, including CCPA & CPRA. (Rakuten Viber’s GDPR compliance includes complete data mapping, adjustments to data practices where required, and support for the automated exercise of data subject rights.)
- IP Whitelisting: We whitelist specific IPs, rather than domains, for each business.
- No message storage: We do not store the contents of our customers’ private messages on our servers after delivering them.
- Rigorous encryption: All private and group chats and private calls use end-to-end encryption by default. Viber Business Messages and bots are protected with encryption in transit: a message is encrypted as soon as it is sent and stays encrypted until it reaches its final destination.
- No data selling: Rakuten Viber never sells our customer information.
We want everyone using Rakuten Viber — both users and brands — to feel completely safe and in control of their data.