Security
Vectora's security practices, compliance certifications, and enterprise security features.
Security overview
Vectora is built with security as a foundational requirement, not an afterthought. Our platform is designed for teams handling sensitive operational data.
Compliance
- SOC 2 Type II — Annual audit with report available on request
- GDPR — Full data processing agreement available for EU customers
- HIPAA — Business Associate Agreement available on Enterprise plans
Data protection
- All data encrypted at rest (AES-256) and in transit (TLS 1.3)
- Database backups encrypted and stored in geographically redundant locations
- Customer data logically isolated per workspace
Access control
- Role-based access control (RBAC) with customizable permission sets
- Single Sign-On (SSO) via SAML 2.0 and OIDC on Growth and Enterprise plans
- Multi-factor authentication enforced at the organization level
Audit logging
Enterprise plans include comprehensive audit logs tracking:
- User authentication events
- Permission changes
- Workflow modifications
- Data export activities
- API key usage
Logs are retained for 365 days and exportable in JSON and CSV formats.
Reporting security issues
If you discover a security vulnerability, please report it to security@vectora.dev. We acknowledge reports within 24 hours and provide regular updates on remediation progress.
We maintain a responsible disclosure policy and do not pursue legal action against good-faith security researchers.