Security
Your client data and financials are serious business. Here's how we protect them.
Encrypted
AES-256 at rest, TLS 1.3 in transit
SOC 2 Infrastructure
Hosted on Vercel and Neon (both SOC 2 Type II)
GDPR Ready
Data export, deletion, and DPAs available
Your Data is Yours
We don't sell it. We don't train AI on it.
Infrastructure
Vantage runs on Vercel and Neon. Both are SOC 2 Type II certified. Your data is stored in the US and encrypted everywhere.
Hosting
Vantage runs on Vercel. They handle DDoS protection, SSL, and they're SOC 2 Type II certified. Your data is served from the edge, so it's fast no matter where you are.
Database
Your data lives in Neon, a managed PostgreSQL database. They're SOC 2 Type II certified. Everything's encrypted with AES-256 and backed up across multiple locations.
Backups
Backups run continuously. If something goes wrong, we can restore to any point in time. Backups are encrypted and stored separately from the main database.
Emails go through AWS SES and Resend. Both are SOC 2 compliant and encrypt everything in transit.
Data Protection
Everything's encrypted. AES-256 when stored, TLS 1.3 when moving. Each workspace is isolated. You own your data. We don't sell it or train AI on it.
Encryption
- In transit: TLS 1.3 for all connections
- At rest: AES-256 for all stored data
- Passwords: Hashed with bcrypt
Access Controls
- Isolation: Each workspace is completely separate
- Roles: 6 permission levels per workspace
- 2FA: Available for all users
Your Data
- Ownership: You own it, we don't
- Export: Download anytime (CSV, JSON, PDF)
- No AI: We don't train models on your data
Compliance
Our infrastructure providers are SOC 2 Type II certified. We support GDPR and CCPA with data export, deletion, and DPAs. Need documentation? Email legal@govantage.co
SOC 2 Type II
Our hosting (Vercel) and database (Neon) are SOC 2 Type II certified. This means they've been audited for security, availability, processing integrity, confidentiality, and privacy.
GDPR
If you're in the EU, you have rights: access, rectification, erasure, portability, objection, and restriction. We use Standard Contractual Clauses (SCCs) for international transfers. DPAs available on request.
CCPA/CPRA
California residents can know what we collect, delete their data, and opt out of sale. We don't sell personal information, so there's nothing to opt out of.
Data Processing Agreements
Need a DPA for compliance? Email legal@govantage.co and we'll get you set up.
Operational Security
Development Practices
All code gets reviewed before it ships. We run automated tests and scan for vulnerable dependencies. Every deployment is logged.
Access to Production
Very few people can touch production systems, and those who can need multi-factor authentication. Nobody has more access than they need.
Security Incidents
If something goes wrong, we have a plan. If there's ever a breach, we'll tell you within 72 hours and notify authorities where required.
Vulnerability Reporting
Found a security issue? Email security@govantage.co. We take responsible disclosure seriously.
Security FAQ
Where is my data stored?
Your data is stored in the United States on Vercel (hosting) and Neon (database). Both are SOC 2 Type II certified and use encrypted storage.
Can I export my data?
Yes. You can export all your data anytime from Settings → Export Data. We provide CSV, JSON, and PDF formats depending on the data type.
What happens when I delete my account?
Your data is kept for 30 days (in case you change your mind), then permanently deleted from all systems including backups within 90 days.
Do you use my data to train AI?
No. By default, we do not use your business data to train AI or machine learning models. There's an optional AI Improvement Program (anonymized patterns only), but it's entirely opt-in.
Do you have a SOC 2 report?
Our infrastructure providers (Vercel, Neon, AWS) are SOC 2 Type II certified. We're working toward our own certification. Email security@govantage.co for provider certifications.
Can you fill out our security questionnaire?
Yes. Send it to security@govantage.co and we'll complete it within 5 business days.
Security Questions?
Got questions? Need us to fill out a security questionnaire? Reach out.