Vuforia Engine Data Security

In this article, we summarize the security implementations that we enforce to securely send and store data used by Vuforia Engine.

Vuforia Engine and supporting cloud services are SOC 2 Type 2 attested, and undergo regular rigorous penetration testing and vulnerability scanning.

Statistical Data

Applications using the Vuforia Engine SDK communicate basic statistical data to PTC Inc at runtime. These include:

  • Device information.
  • Vuforia Engine version and license check.
  • Application information and Vuforia Engine lifecycle events.

For a complete list, please see Vuforia Statistics.

Communication with the Cloud

The Vuforia Engine SDK, during runtime, does not send Content (defined in the Vuforia Engine Developer Agreement) to the cloud, but may send some analytics and statistics as outlined on this page: https://developer.vuforia.com/legal/statistics.

However, if the Cloud Recognition and/or Web API service(s) are used by the SDK, then some Content may be sent to our cloud services, as outlined below.

Some Engine tools, such as the Model Target Generator, Area Target Generator, and during Area Target capture with the Vuforia Creator App, as well as web APIs, may send Content to Vuforia servers as requested by the user for performing certain actions. See the Data Transfer and Retention table below for details.

Authentication

Authentication to the Developer Portal and the Vuforia Web Services API relies on either OAuth2 or OAuth 1.0a-like flows, depending on the feature. See Vuforia Web API Authentication for authentication methods.

Encryption

Data in Transit

All data exchanged with the Vuforia Cloud services is encrypted using HTTPS with Transport Layer Security (TLS) 1.2 or greater.

Data at Rest

Personal Information is stored in AWS RDS (Amazon Web Services – Relational Database Service) and encrypted. For more information about what personal data is captured, see PTC’s Privacy Policy.

Cloud Recognition and the Vuforia Developer Portal use Amazon S3 (Simple Storage Service) non-public buckets for storing images, and metadata is stored in Amazon DynamoDB. All cloud components are monitored and secured in Amazon VPCs.

Data Transfer and Retention

Analytics and usage data listed in the Vuforia Statistics page is not considered sensitive and may be collected by one or more Engine tool, SDK, Web Application or Web API as outlined in the statistics document.

Customer “Content” is defined in the Vuforia Engine Developer Agreement and includes any data Customer uploads to Cloud Recognition or other Engine services. For the avoidance of doubt, it does not contain data outlined in the Vuforia Statistics page.

Client

Feature

Customer Data

transferred

Customer Data

retention

Storage Region

Engine SDK

Applications running on the end-user’s device may send below listed Vuforia Engine SDK data during runtime, depending on the type of features the application is implementing.

 

 

 

 

 

 

 

 

Model Target tracking

-

-

-

Area Target tracking

-

-

-

Area Target Capture API

-

-

-

Instant Image Targets

-

-

-

Device Image Targets (device databases)

-

-

-

VuMarks

-

-

-

Barcode Scanner

-

-

-

Ground Plane

-

-

-

Cloud Image Targets

Camera frames are sent to the Engine Cloud recognition service for querying against the reference Image Targets

3 days

US or EU or AP depending on query location

Target Manager

(Vuforia Engine Developer Portal)

Assets are uploaded to the Vuforia Cloud for database creation. Databases are then downloaded and incorporated into the app at development time.

 

 

Device Image Targets (device databases)

Images are sent to the cloud dataset creation and retrieval

Until deletion

US

Cloud Image Targets

Reference images and their metadata are sent to the cloud for indexing and retrieval

Until deletion

US and EU and AP

VuMarks

Vumark templates and instances are sent and stored in the Engine Cloud

Until deletion

US

Unity Extension 

 

 

Same as Engine SDK

 

 

 

VuMarks designer

 

 

VuMarks

-

-

-

Model Target Generator

 

 

Standard Model Targets

-

-

-

 

Advanced Model Targets

The 3D Model is sent to the cloud for training

24 hours (*)

EU

 

Simplification

The 3D Model is sent to the cloud for simplification

24 hours (*)

EU

 

Model Conversion

-

-

-

 

Model Coloring

-

-

-

Area Target Generator

 

 

Area Targets

-

-

-

Vuforia Creator App

 

 

Area Target Capture

-

-

-

Web API

 

 

Cloud Targets

Reference images and their metadata are sent to the cloud for indexing and retrieval

Until deletion

US and EU and AP

 

Cloud Query

Query images are sent to the Engine Cloud recognition service for querying against the reference Image Targets

3 days

US or EU or AP depending on query location

 

VuMarks

VuMark templates and instances are sent and stored in the Engine Cloud

Until deletion

US

 

Advanced Model Targets

The 3D Model is sent to the cloud for training and dataset generation

24 hours (**)

EU

 

Standard Model Targets

The 3D Model is sent to the cloud for dataset generation

24 hours (**)

EU

(*) Unless the opt-in “share data” setting is enabled. See Model Target Generator Data Processing.

(**) Unless the opt-in “preserveCadModel” request parameter is enabled. See Web API Reference Library.

Enterprise Firewall Configuration

Engine Services and tools communicate via HTTPS to Vuforia Engine Cloud hosts with dynamic IPs that may be blocked by firewall and security settings.

To unblock, whitelist *.vuforia.com in your settings.

For a list of the exact URLs that must be accessible through your company’s firewall in order to communicate with Vuforia Web Services, please contact support at vuforia-feedback@ptc.com.

Other Resources

Vuforia Engine Developer Portal

Model Targets and CAD data:

Other Vuforia products

Vuforia Instruct and Expert Capture:

Vuforia Studio and View:

Vuforia Vantage

Vuforia Chalk

For general questions and guidelines:

Can this page be better?
Share your feedback via our issue tracker