Vantage Security and Compliance
Effective date:
Product and Data Security
Vantage uses security best practices throughout its application. All users can authenticate with SAML Single Sign-on (SSO) so additional credentials are not needed. Multi-level permissions including RBAC give users team access and management options. Vantage requires 2FA for all staff to access internal systems and requires key rotation and other standard security measures for engineers.
Vantage utilizes a Virtual Private Cloud (VPC) with strict ACLs to prevent network intrusions. Billing data via read-only APIs and cost data is encrypted in transit and at rest. Vantage retains data for up to 36 months depending on pricing tier.
For more information on how user data is handled, please review our Privacy Policy and Service Agreement.
Compliance
Vantage is SOC 1 Type 2 and SOC 2 Type 2 Compliant
Vantage maintains both SOC 1 Type 2 and SOC 2 Type 2 compliance and our reports are available upon request. Vantage serves a global customer base and is committed to complying with local laws and regulations. Vantage is headquarted in New York City and incorporated under Delaware law.
Vantage makes use of a limited number of third party subprocessors to support customers and our product. For information on their security practices, please visit the links below.
- Amazon Web Services
- ClickHouse
- Customer.io
- Datadog
- Hubspot
- Intercom
- Mixpanel
- Salesforce
- Segment
- Sentry
- Slack
- Stripe
- Unify
Report an Issue
Security questions?
If you believe you have found a vulnerability or wish to report an issue, please contact us at security@vantage.sh.