Trust Center
Security, privacy, and compliance
built into the platform.
Maintained by Vantage to answer common security questions about the platform: the controls that are enabled today, the third-party services we use, and how to reach us about a security or privacy concern. Customer agreements (Terms, Privacy Policy, DPA, and related notices) are kept separately so they're easier to find and cite.
How does Vantage protect customer data?
Vantage's Trust Center documents the security, privacy, and compliance controls that protect customer data on the AI-native R&D portfolio platform — SOC 2-aligned controls, AES-256 encryption, US-only data residency, RLS-enforced tenant isolation, and an audited subprocessor list.
How we protect customer data
Access & Authentication
Multi-tenant row-level security on every table, SAML SSO and Google OAuth, role-based permissions, idle-session timeouts, and quarterly access reviews.
Encryption
TLS 1.3 in transit, AES-256 at rest. Customer payloads sanitized server-side. Storage buckets are private by default.
Observability
Immutable audit log with SHA-256 integrity hashes, shipped to a SIEM-grade log platform with anomaly alerts on login and admin actions.
Data Residency
All customer data is stored and processed in the United States. Personnel handling production data are US-based.
