In this article, we summarize the security measures we enforce to send and store data used by Vuforia Engine securely.
Vuforia Engine and supporting cloud services are SOC 2 Type 2 attested, and undergo regular rigorous penetration testing and vulnerability scanning.
Statistical Data
Applications using the Vuforia Engine SDK communicate basic statistical data to PTC Inc. at runtime. These include:
- Device information.
- Vuforia Engine version and license check.
- Application information and Vuforia Engine lifecycle events.
For a complete list, please see Vuforia Statistics.
Communication with the Cloud
The Vuforia Engine SDK, during runtime, does not send Content (defined in the Vuforia Engine Developer Agreement) to the cloud, but may send some analytics and statistics as outlined on this page: https://developer.vuforia.com/legal/statistics.
However, if the Cloud Recognition and/or Web API service(s) are used by the SDK, then some Content may be sent to our cloud services, as outlined below.
Some Engine tools, such as the Model Target Generator, the Area Target Generator, and the Vuforia Creator App during Area Target capture, as well as the web APIs, may send Content to Vuforia servers when the user requests certain actions. See the Data Transfer and Retention table below for details.
Authentication
Authentication to the Developer Portal and the Vuforia Web Services API relies on either OAuth2 or OAuth 1.0a-like flows, depending on the feature. See Vuforia Web API Authentication for authentication methods.
Encryption
Data in Transit
All data exchanged with the Vuforia Cloud services is encrypted using HTTPS with Transport Layer Security (TLS) 1.2 or greater.
Data at Rest
Personal Information is stored in AWS RDS (Amazon Web Services – Relational Database Service) and encrypted. For more information about what personal data is captured, see PTC’s Privacy Policy.
Cloud Recognition and the Vuforia Developer Portal use Amazon S3 (Simple Storage Service) non-public buckets for storing images, and metadata is stored in Amazon DynamoDB. All cloud components are monitored and secured in Amazon VPCs.
Data Transfer and Retention
Analytics and usage data listed on the Vuforia Statistics page are not considered sensitive and may be collected by one or more Engine tools, SDKs, Web Applications or Web APIs, as outlined in the statistics document.
Customer “Content” is defined in the Vuforia Engine Developer Agreement and includes any data Customer uploads to Cloud Recognition or other Engine services. For the avoidance of doubt, it does not contain data outlined in the Vuforia Statistics page.
| Client | Feature | Customer Data transferred | Customer Data retention | Storage Region |
|---|---|---|---|---|
| Engine SDK | Applications running on the end-user’s device may send below listed Vuforia Engine SDK data during runtime, depending on the type of features the application is implementing. | | | |
| | Model Target tracking | - | - | - |
| | Area Target tracking | - | - | - |
| | Area Target Capture API | - | - | - |
| | Instant Image Targets | - | - | - |
| | Device Image Targets (device databases) | - | - | - |
| | VuMarks | - | - | - |
| | Barcode Scanner | - | - | - |
| | Ground Plane | - | - | - |
| | Cloud Image Targets | Camera frames are sent to the Engine Cloud recognition service for querying against the reference Image Targets | 3 days | US or EU or AP depending on query location |
| Target Manager (Vuforia Engine Developer Portal) | Assets are uploaded to the Vuforia Cloud for database creation. Databases are then downloaded and incorporated into the app at development time. | | | |
| | Device Image Targets (device databases) | Images are sent to the cloud dataset creation and retrieval | Until deletion | US |
| | Cloud Image Targets | Reference images and their metadata are sent to the cloud for indexing and retrieval | Until deletion | US and EU and AP |
| | VuMarks | Vumark templates and instances are sent and stored in the Engine Cloud | Until deletion | US |
| Unity Extension | | | | |
| | Same as Engine SDK | | | |
| VuMarks designer | | | | |
| | VuMarks | - | - | - |
| Model Target Generator | | | | |
| | Standard Model Targets | - | - | - |
| | Advanced Model Targets | The 3D Model is sent to the cloud for training | 24 hours (*) | EU |
| | Simplification | The 3D Model is sent to the cloud for simplification | 24 hours (*) | EU |
| | Model Conversion | - | - | - |
| | Model Coloring | - | - | - |
| Area Target Generator | | | | |
| | Area Targets | - | - | - |
| Vuforia Creator App | | | | |
| | Area Target Capture | - | - | - |
| Web API | | | | |
| | Cloud Targets | Reference images and their metadata are sent to the cloud for indexing and retrieval | Until deletion | US and EU and AP |
| | Cloud Query | Query images are sent to the Engine Cloud recognition service for querying against the reference Image Targets | 3 days | US or EU or AP depending on query location |
| | VuMarks | VuMark templates and instances are sent and stored in the Engine Cloud | Until deletion | US |
| | Advanced Model Targets | The 3D Model is sent to the cloud for training and dataset generation | 24 hours (**) | EU |
| | Standard Model Targets | The 3D Model is sent to the cloud for dataset generation | 24 hours (**) | EU |

(*) Unless the opt-in “share data” setting is enabled. See Model Target Generator Data Processing.
(**) Unless the opt-in “preserveCadModel” request parameter is enabled. See Web API Reference Library.
Enterprise Firewall Configuration
Engine services and tools communicate over HTTPS with Vuforia Engine Cloud hosts that use dynamic IPs, and firewall and security settings may block this traffic.
To unblock it, whitelist *.vuforia.com in your settings.
For a list of the exact URLs that must be accessible through your company’s firewall in order to communicate with Vuforia Web Services, please contact support at vuforia-feedback@ptc.com.
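
When the *.vuforia.com entry is enforced by a custom proxy rule or script rather than a built-in firewall wildcard, the match has to respect DNS label boundaries. The following is an added example, not code from PTC or Vuforia, contrasting a weak substring check with a strict one. Apart from developer.vuforia.com, the hostnames are constructed, and treating the bare apex as not covered by the wildcard is an assumption.

```python
import re

# Added example. Hostnames are constructed for illustration; only
# developer.vuforia.com appears on this page.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

SAMPLE_HOSTS = [
    "developer.vuforia.com",
    "Sample-Host.Vuforia.com:443",   # mixed case with port
    "a.b.vuforia.com.",              # nested labels, trailing root dot
    "vuforia.com",                   # bare apex
    "notvuforia.com",                # lookalike without a label boundary
    "vuforia.com.example.net",       # allowed name used as a prefix
]

def normalize(host: str) -> str:
    """Lower-case and drop an optional :port and one trailing root dot."""
    host = host.strip().lower()
    if host.count(":") == 1:         # host:port (IPv6 literals have more colons)
        host = host.split(":", 1)[0]
    return host[:-1] if host.endswith(".") else host

def naive_match(host: str, domain: str = "vuforia.com") -> bool:
    """Weak check sometimes used in proxy rules: plain substring test."""
    return domain in host.lower()

def wildcard_match(host: str, pattern: str = "*.vuforia.com") -> bool:
    """Strict check: '*' must cover one or more whole DNS labels.

    Assumption: the bare apex (vuforia.com) is NOT covered by the wildcard.
    """
    host = normalize(host)
    suffix = pattern.lower()[1:]     # ".vuforia.com"; the dot enforces a label boundary
    if not host.endswith(suffix):
        return False
    labels = host[: -len(suffix)].split(".")
    return all(LABEL.fullmatch(label) for label in labels)

def audit(hosts):
    """Map each host to (naive result, strict result) for side-by-side review."""
    return {h: (naive_match(h), wildcard_match(h)) for h in hosts}

if __name__ == "__main__":
    for host, (naive, strict) in audit(SAMPLE_HOSTS).items():
        print(f"{host:30} naive={naive!s:5} strict={strict}")
```

Hosts where the two columns disagree are the ones a substring rule would let through or a strict rule would hold back, so they are the entries to review before deploying the allowlist.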