Trust and Security

Your vendor inventory is sensitive. We take that seriously.

When you hand over a list of the vendors your business depends on, you are trusting us with a map of your attack surface. Here is exactly how we protect it.

Data Security

  • Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Hosted on Vercel, whose infrastructure is SOC 2 Type II compliant
  • Database: Neon Postgres with automated backups and point-in-time recovery
  • Your data is never sold, shared, or used to train AI models

Data Residency

  • All data stored in the United States (us-east-1)
  • EU and Canada residency options available on Enterprise plans

Access Controls

  • Multi-factor authentication on roadmap (Q3 2026)
  • Role-based access control (owner, admin, member) within organizations
  • All access is logged and auditable

Our Security Posture

  • We use the same vendor monitoring we sell: our own vendor stack is monitored via OpenPostern
  • Dependency scanning on every deploy
  • Responsible disclosure: security@openpostern.com

Incident History

No security incidents to report since launch.

Certifications (in progress)

  • SOC 2 Type II audit: expected Q3 2026 (status: in progress)
  • Penetration test: scheduled Q2 2026 (status: scheduled)

Curious how we calculate vendor risk scores? Read our methodology.

Questions about security

Questions about our security posture?

We respond to every security inquiry within one business day.

security@openpostern.com