Vendorfi
Get Started FREE

Security

Security & Compliance

Vendorfi is built with enterprise-grade security and governance at its core.

Book a demo Explore solutions

Our Security Philosophy

Security is not a feature at Vendorfi; it's the foundation of everything we build. As a platform that manages sensitive vendor and contract data, we adhere to the highest industry standards to protect our customers' information.

Data Protection

  • Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
  • Isloation: We employ strict logical isolation of customer data to ensure that data from one organization is never accessible by another.
  • Backups: Encrypted backups are performed daily and kept in geo-redundant storage for disaster recovery.

Compliance Standards

We are committed to maintaining a robust compliance posture.

  • SOC 2: Vendorfi is currently in the process of its SOC 2 Type II audit. We maintain internal controls that align with the Trust Services Criteria.
  • GDPR: We are fully compliant with the General Data Protection Regulation (GDPR) and provide features to help our customers meet their own data privacy obligations.
  • CCPA: We support California Consumer Privacy Act (CCPA) requirements for data access and deletion requests.

Infrastructure Security

Vendorfi is hosted on enterprise-grade cloud providers (AWS/Google Cloud) in highly secure data centers. Our infrastructure security includes:

  • DDoS Protection: Advanced mitigation layers to prevent service disruptions.
  • Firewalls & VPC: Strict network security controls to isolate critical systems.
  • Monitoring: 24/7 logging and automated alerting for any suspicious activity.

Internal Governance

We practice what we preach. We use the Vendorfi platform to manage our own vendors, ensuring:

  • Regular security reviews of our sub-processors.
  • Strict access control based on the principle of least privilege.
  • Annual security training for all Vendorfi employees.

Vulnerability Disclosure

We welcome reports from security researchers. If you believe you've found a security vulnerability in Vendorfi, please contact us at security@vendorfi.com. We investigate all legitimate reports and strive to fix them quickly.