Trust Center

    Security, privacy, and compliance built into the platform.

    Maintained by Vantage to answer common security questions about the platform: the controls that are enabled today, the third-party services we use, and how to reach us about a security or privacy concern. Customer agreements (Terms, Privacy Policy, DPA, and related notices) are kept separately so they're easier to find and cite.

    Answer

    How does Vantage protect customer data?

    Vantage's Trust Center documents the security, privacy, and compliance controls that protect customer data on the AI-native R&D portfolio platform — SOC 2-aligned controls, AES-256 encryption, US-only data residency, RLS-enforced tenant isolation, and an audited subprocessor list.

    How we protect customer data

    Access & Authentication

    Multi-tenant row-level security on every table, SAML SSO and Google OAuth, role-based permissions, idle-session timeouts, and quarterly access reviews.

    Encryption

    TLS 1.3 in transit, AES-256 at rest. Customer payloads sanitized server-side. Storage buckets are private by default.

    Observability

    Immutable audit log with SHA-256 integrity hashes, shipped to a SIEM-grade log platform with anomaly alerts on login and admin actions.

    Data Residency

    All customer data is stored and processed in the United States. Personnel handling production data are US-based.

    Looking for the customer agreement, privacy notice, or DPA? Terms, Privacy, Cookies, AI Terms, Acceptable Use, and DPA live on their own pages — kept separate from the security program so they're easier to find, cite, and link.