Security Policy
An overview of VectorAutomate's security practices, certifications, and commitments to protecting your data.
Certifications
VectorAutomate maintains the following certifications and compliance frameworks.
- SOC 2 Type II
- HIPAA
- GDPR
- ISO 27001
- CCPA
Encryption
- AES-256 encryption at rest for all stored data
- TLS 1.3 for all data in transit
- Customer-managed encryption keys (CMEK) available
- Key rotation enforced on a configurable schedule
Infrastructure
- SOC 2 Type II certified cloud infrastructure
- Multi-region deployment with automatic failover
- DDoS protection and WAF at the edge
- 99.9% uptime SLA with status page monitoring
Access Control
- Role-based access control (RBAC) at every layer
- SSO integration (SAML 2.0, OIDC) with MFA enforcement
- Just-in-time provisioning and SCIM directory sync
- Principle of least privilege for all internal access
Monitoring & Response
- 24/7 security monitoring and alerting
- Automated vulnerability scanning and patching
- Incident response plan with defined SLAs
- Annual penetration testing by third-party firms
Audit & Compliance
- Immutable audit logs for all platform actions
- Exportable logs in standard formats for compliance review
- Data residency controls for regional requirements
- Regular third-party security audits and certifications
Data Privacy
- Tenant data isolation with dedicated encryption
- No cross-tenant data access or model training
- Closed knowledge environment — no internet sourcing
- GDPR, HIPAA, and CCPA compliant processing
Responsible Disclosure
If you believe you have discovered a security vulnerability in VectorAutomate, we encourage responsible disclosure. Please report findings to security@vectorautomate.io. We will acknowledge receipt within 24 hours and provide a detailed response within 72 hours. We do not pursue legal action against researchers who report vulnerabilities in good faith.