Security
Vouch uses enterprise-grade security practices to keep your data safe.
Our Commitment
Vouch is committed to the security of our customers and their data. As a cloud-based company holding customer data, our goal is to ensure the safety of both our users and their information. We conduct regular penetration tests, adhere to GDPR requirements, and implement encryption for data both at rest and during transmission. The responsibility of safeguarding sensitive customer data is one we take seriously, and it remains our top priority.
Our Shared Security Responsibility Model
Vouch operates under a Software-as-a-Service (SaaS) model, where the security obligations are divided between Amazon Web Services (AWS), Vouch, and our clients. Utilizing AWS for our cloud infrastructure, we ensure our service is consistently accessible, scalable, and secure. AWS handles the security of the physical infrastructure, including buildings, hardware, networking, and the virtualization layer. Meanwhile, Vouch's responsibilities extend to encrypting customer data, securing the application layer, logging and monitoring security events, and tracking the availability of our service.
Customers are responsible for using the Vouch service appropriately and configuring its security features. Examples of customer responsibilities include providing complete and accurate information to Vouch, ensuring the security of devices used to access the service, setting up user authentication appropriately, managing user access to the service, reporting security issues to Vouch, data security, and managing the security of any other applications or integrations used in the customer environment, including third-party apps and plugins installed in their organization.
Our Policies
The following policies and procedures are followed and enforced at Vouch:
Access Control Policy
Asset Management Policy
Business Continuity and Disaster Recovery Plan
Code of Conduct
Cryptography Policy
Data Management Policy
Human Resource Security Policy
Incident Response Plan
Information Security Policy
Information Security Roles and Responsibilities
Operations Security Policy
Physical Security Policy
Risk Management Policy
Secure Development Policy
Third-Party Management Policy
These policies are followed by all Vouch employees and contractors, who review and accept the policies at the commencement of their employment with Vouch. For a copy of these policies, please reach out to support@vouchfor.com.
Application Security
Data Encryption
All data in Vouch is encrypted in transit using TLS 1.2+ and at rest using the industry-standard AES-256 encryption algorithm.
Single Sign On
SSO allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
Incident Response
Our incident response plan tackles events that disrupt our service quality, incorporating clear escalation procedures and mobilizing the right teams to investigate, communicate, and resolve the incident.
Vulnerability management
Vouch regularly scans production infrastructure, applications and networks using off-the-shelf tools to identify vulnerabilities that could impact our systems.
SDLC Security
Vouch implements both human and automated review processes to ensure consistent quality in our software development practices.
Our Certifications
GDPR
At Vouch we have worked to enhance our products, processes, and procedures to ensure our practices are GDPR-compliant.
SOC2 Type 2
Our SOC 2 Type 2 report attests to the controls we have in place governing the security of customer data as they map to TSPs established by the AICPA.
CSA STAR
Vouch participates in the voluntary CSA Security, Trust & Assurance Registry (STAR) Self-Assessment to document our compliance with CSA-published best practices.