Security questions

    Security FAQ

    SOC 2 controls, SSO/SAML, isolation, residency, and incident response.

    • Is Vantage SOC 2 compliant?

      Vantage operates under SOC 2 controls and is preparing for SOC 2 Type II attestation. Evidence packs are available to Enterprise customers under NDA. See /trust for the current security posture.

    • How is our data isolated from other customers?

      Every workspace is row-level-secured by org_id at the database layer. Cross-workspace access is blocked at the policy layer, not just at the application layer. Every query is scoped to the authenticated user is org.

    • Where is customer data stored?

      In the United States only. Storage, processing, and backup all run inside US regions, and personnel with production access are US-based.

    • Do you support SSO and SAML?

      Yes. SSO with SAML 2.0 and OIDC is included in the Enterprise tier. Okta, Azure AD, Google Workspace, and any compliant IdP are supported.

    • How are backups and disaster recovery handled?

      Daily diff-based backups across 20+ core tables, with point-in-time restoration. Disaster recovery rehearsals run on a scheduled cadence and the results are available to Enterprise customers.

    • Can we export our data if we leave?

      Yes. Full export in open formats (CSV and JSON) on demand, with no contractual lock-in on your strategy data. The roadmap belongs to you.

    Don't see your question? Browse all categories or contact the team.