Cloud Services

August, 2023


At the user endpoint, only an evergreen browser is required. Major releases will be tested on the current versions of:

When using outdated and/or other browsers, your mileage may vary. 3D features require hardware acceleration.

The Lighthouse audits, being run with slow network connectivity, result in these spectacular scores of a typical Vision 42 ® application:

For details, see the attached report. Even on an emulated mid-range smartphone from 2020, the score stays nearly 100% across the board. Note we make use of HTTP/2 and IPv6. An application's performance is regularly assessed. In case of diminishing performance, measures will be taken to speed up the application. Among possible improvements are code refactoring, database tuning, and adding hardware.

Each application exists in at least three environments: development, quality assurance, and production. Our release management is based on promotion to the next environment, to limit human error. All versions of the source code, the database schemata, the documentation, and the configuration files are immutably stored in a blockchain, in case a rollback is required. All data in the quality assurance environment is copied daily from production.

Application bugs will be fixed free of charge.


Applications made by Vision 42 need infrastructure (servers, storage, and network) to run on. Vision 42 selects reliable and accomplished infrastructure-as-a-service (IaaS) providers to host the applications. At the time of writing, these providers are TransIP and Google.

Although our IaaS providers guarantee and deliver 99.99% uptime, the availability of a Vision 42 application can be slightly lower. Keeping potential release issues in mind, the effective availability will be at least 99.9%. Internet and customer network issues are out of our control, so the perceived availability at certain user endpoints might be lower. Free or captive-portal based Internet access, like in hotels, are often not stable enough and can cause sub-optimal operation. Intermediate cyber attacks of the distributed denial of service (DDoS) type, have been known to cause multi-hour Internet connection saturation [1]. Our current operational status and detailed uptime statistics can be consulted on a public status page. In case of calamities, news will be published on our website or on Twitter.

The primary data centers are state-of-the-art and are located in Amsterdam and Rotterdam, in The Netherlands. See the attached fact sheet for details. Our IaaS providers have a massive bandwidth available.

Vision 42 applications run on redundant physical servers. All servers have been over-dimensioned, so they have power to spare. Currently, the specifications of a single virtual server are:

Our Domain Name System (DNS) provider is Cloudflare.

[1] The Netherlands has a powerful National Scrubbing Center against DDoS attacks.

The Datacenter Group Amsterdam.pdf

Backup and Restore

Although our primary IaaS vendor provides backups, we choose not to place all of our eggs in one basket. That is why we make use of an independent backup-as-a-service (BaaS) provider. At the time of writing, this provider is

Geographically, the secondary data center is located in Denver, USA [3]. In contrast with Amsterdam [1] and Rotterdam [2], Denver is located one mile above sea-level. The geographical difference between both locations provide protection against complete data-loss caused by most natural disasters. Additionally, offsite backups are kept at two separate locations in Belgium [4] [5]. Data for optional artificial intelligence resides in Frankfurt [6]. In case a big asteroid destroys The Netherlands, Colorado, and Belgium at once, we fear your data may be lost. At that moment, it will be the least of your problems...

All databases are continuously being replicated offsite. All other files are copied offsite with hourly intervals. Daily, a full backup of the databases is performed, verified, and stored in both data centers and all offsite locations. We keep many snapshots, so we can restore up to 3 years ago. Our recover point objective (RPO) is minutes at most.

Using transaction logs, we can restore to any point in time. In case of accidental deleting of data, we can remove the harmful commands from the log and restore up to the current situation, without any data loss.

Recover time objective (RTO) depends on the service level agreement (SLA) of your support formula and will typically be next business day at most.

We offer a takeout service to leaving clients. A large ZIP-file will be provided, containing your data in easily readable CSV-files.


Our infrastructure and the applications are continuously being monitored. Alerts are sent to the engineering staff, who often solve the infrequent problems before a customer notices. Monitoring includes:


All servers run FreeBSD or Linux operating systems. We proactively patch and upgrade all system software. If an intrusion or a privilege escalation attempt is detected, automatic countermeasures will fire immediately.

Instead of passwords, salted cryptographic hashes are stored in the database. Weak passwords are not allowed. Brute-force attacks are crippled by delaying failed authorization attempts.

All external network connections are encrypted, both the client/server as the server/server connections. Certificates are always being verified. Strong certificates are used for our servers. Additionally, we make use of:

We hold these security ratings (reports attached):

Our TLS implementation is compliant with:

Our email is protected from eavesdropping and impersonation by:

Every write operation can be traced to a specific user, an IP address, and a browser type. Relevant server logging is being kept for 10 weeks:

ImmuniWeb SSL.pdf
Qualys SSL Labs.pdf
Mozilla Observatory.pdf
Mail Tester.pdf