Security
Vouch uses enterprise-grade security practices to keep your data safe. Learn about Vouch’s security practices
Our Commitment
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
Our Shared Security Responsibility Model
Vouch operates under a Software-as-a-Service (SaaS) model, where the security obligations are divided between Amazon Web Services (AWS), Vouch, and our clients. Utilizing AWS for our cloud infrastructure, we ensure our service is consistently accessible, scalable, and secure. AWS handles the security of the physical infrastructure, including buildings, hardware, networking, and the virtualization layer. Meanwhile, Vouch's responsibilities extend to encrypting customer data, securing the application layer, logging and monitoring security events, and tracking the availability of our service.
Customers are responsible for using the Vouch service appropriately and configuring its security features. Examples of customer responsibilities include providing complete and accurate information to Vouch, ensuring the security of devices used to access the service, setting up user authentication appropriately, managing access to the service with users, reporting security issues to Vouch, data security, and managing the security of any other applications or integrations used in customer environment including third party apps and plugins installed in their organization.
Our Policies
The following policies and procedures are followed and enforced at Vouch:
- Access Control Policy
- Asset Management Policy
- Business Continuity and Disaster Recovery Plan
- Code of Conduct
- Cryptography Policy
- Data Management Policy
- Human Resource Security Policy
- Incident Response Plan
- Information Security Policy
- Information Security Roles and Responsibilities
- Operations Security Policy
- Physical Security Policy
- Risk Management Policy
- Secure Development Policy
- Third-Party Management Policy
These policies are followed by all Vouch employees and contractors, who review and accept the policies at the commencement of their employment with Vouch.For a copy of these policies, please reach our to support@vouchfor.com
We've helped 1000+ people teams
Application Security
Data Encryption
All data in Vouch is encrypted in-transit using TLS 1.2+ and at-rest using an industry standard AES-256 encryption algorithm.
Single Sign On
SSO allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
Incident Response
Our incident response plan tackles events that disrupt our service quality, incorporating clear escalation procedures and mobilizing the right teams to investigate, communicate, and resolve the incident
Vulnerability management
Vouch regularly scans production infrastructure, applications and networks for vulnerabilities using off-the-shelf tools to identify potential vulnerabilities tha tcould impact our systems.
SLDC Security
Vouch implements both human and automated review processes in order to ensure consistent quality in our software development practices.
Our Certifications

GDPR
Vouch implements both human and automated review processes in order to ensure consistent quality in our software development practices.

SOC2 Type 2
Our SOC 2 Type 2 report attests to the controls we have in place governing the security of customer data as they map toTSPs established by the AICPA

GDPR
Vouch participates in the voluntary CSASecurity, Trust & Assurance Registry (STAR)Self-Assessment to document our compliance with CSA-published best practices.