Security

Our dedication to security and privacy is steadfast and resolute.
Acknowledging the paramount importance of protecting your data, we employ rigorous and industry-leading security protocols to guarantee the constant safety and integrity of your information.

GDPR
Vendorvue fully complies with the General Data Protection Regulation (GDPR). This regulation requires businesses to protect the personal data and privacy of EU citizens for transactions within EU member states. Under GDPR, EU citizens can:
- Request all information a company has saved about them
- Request removal of all their personal information from a company's systems and any subprocessors who have handled their data

Product Security
We offer a range of authentication options with varying security levels:
- Username/password
- Email magic links
- Enterprise SSO (using SAML or OIDC, available upon request)
- Directory sync (available upon request)

Our security measures include:
- Continuous vulnerability scanning of our codebases
- Regular penetration testing
- Periodic risk assessments
- Employee security awareness training

Data Security
Encryption at Rest: We encrypt all data at rest, mitigating the risk of unauthorized access to user data on storage systems.
Encryption in Transit: All data in transit is encrypted using modern TLS protocols.

You can find our subprocessors here.

Data locality
The infrastructure that stores organization data is located in the European Union, specifically in the Amazon Web Services Frankfurt (Germany) region.

Availability and reliability
- Public status page available at: https://status.vendorvue.io
- Regular data backups to protect against data loss

Organizational Security
- All employee workstations use encrypted disks
- Automatic workstation locking
- Strict access controls and least privilege principles

Business continuity
We maintain a comprehensive business continuity plan, including:
- Regular data backups
- Disaster recovery procedures
- Redundant systems and failover mechanisms

We are committed to maintaining the highest standards of security and privacy. This document is regularly reviewed and updated to reflect our ongoing efforts in this area. For any questions or concerns regarding our security and privacy practices, please contact our security team.

Last updated 22/08/2024