Vantage is built from the ground up with security, privacy, and compliance in mind. We understand audit data is sensitive and treat it accordingly.
Multi-layered security controls protect your data at every level.
Database-level tenant isolation ensures your data is completely separated from other customers. PostgreSQL RLS policies enforce access at the query level.
All data is encrypted using AES-256. Database, file storage, and backups are all encrypted with customer-specific keys.
All connections use TLS 1.3 with strong cipher suites. HSTS is enforced across all endpoints to prevent downgrade attacks.
Encryption keys are managed through AWS KMS with automatic rotation. Keys are never stored in application code or configuration files.
Private VPC deployment with security groups, NACLs, and WAF protection. DDoS mitigation through AWS Shield.
Hosted on AWS with SOC 2, ISO 27001, and FedRAMP certified infrastructure. Regular security patches and hardened configurations.
MFA is available for all users and required for administrators. Supports authenticator apps and security keys.
Granular permissions with predefined roles (Admin, Manager, Reviewer, Staff) and custom role support for Enterprise.
Enterprise plans support SAML 2.0 SSO with Azure AD, Okta, OneLogin, and other identity providers.
Every action is logged with user, timestamp, IP address, and change details. Logs are immutable and retained for 7 years.
We're committed to meeting the highest security standards.
Security, Availability, and Confidentiality criteria. Expected completion Q2 2025.
Full compliance with EU data protection regulations, including data subject rights.
California Consumer Privacy Act compliance for US customers.
BAA available for healthcare organizations on Enterprise plans.
Our security team is happy to discuss our practices in detail. We also provide security questionnaire responses and penetration test summaries upon request.