Security questions
Security
FAQ
SOC 2 controls, SSO/SAML, isolation, residency, and incident response.
Is Vantage SOC 2 compliant?
Vantage operates under SOC 2 controls and is preparing for SOC 2 Type II attestation. Evidence packs are available to Enterprise customers under NDA. See /trust for the current security posture.
How is our data isolated from other customers?
Every workspace is row-level-secured by org_id at the database layer. Cross-workspace access is blocked at the policy layer, not just at the application layer. Every query is scoped to the authenticated user is org.
Where is customer data stored?
In the United States only. Storage, processing, and backup all run inside US regions, and personnel with production access are US-based.
Do you support SSO and SAML?
Yes. SSO with SAML 2.0 and OIDC is included in the Enterprise tier. Okta, Azure AD, Google Workspace, and any compliant IdP are supported.
How are backups and disaster recovery handled?
Daily diff-based backups across 20+ core tables, with point-in-time restoration. Disaster recovery rehearsals run on a scheduled cadence and the results are available to Enterprise customers.
Can we export our data if we leave?
Yes. Full export in open formats (CSV and JSON) on demand, with no contractual lock-in on your strategy data. The roadmap belongs to you.
Don't see your question? Browse all categories or contact the team.
