Security & Data Protection
Our Approach to Security
VendorOps is built with security and data protection as core principles. While we are an early-stage product, we follow industry best practices to safeguard customer data.
Data Residency
- All customer data is stored within the European Union
- No data is transferred outside the EU without appropriate safeguards
Encryption
- In transit: All traffic is encrypted using TLS
- At rest: Stored data and documents are encrypted at the storage level
Access Control
- Tenant-level data isolation
- Role-based access within the application
- Least-privilege access for internal systems
Infrastructure Security
- Secure cloud infrastructure
- Firewalls and network-level protections
- Regular security updates and patching
Backups & Availability
- Automated backups are performed regularly
- Backups are encrypted and stored securely
- Disaster recovery procedures are documented
Monitoring & Logging
- Application and access logs are monitored
- Suspicious activity is investigated promptly
- Logs are retained for security and auditing purposes only
Data Processing & GDPR
VendorOps acts as a data processor for vendor data uploaded by customers. We support GDPR obligations including:
- Data access requests
- Data deletion
- Data export
A Data Processing Agreement (DPA) is available upon request.
Incident Response
In the event of a data security incident:
- We investigate immediately
- Affected customers are notified without undue delay
- Authorities are notified where legally required
Certifications
VendorOps does not currently hold formal security certifications (e.g. ISO 27001, SOC 2). Our security practices are designed to scale, and certifications will be evaluated as customer and regulatory requirements grow.
Contact
For security-related questions: security@vendorops.eu