Security at Vendasta

Security, safety and privacy are our top priorities. If you have any questions or encounter any issues, please contact us.

Cloud Security

Physical Security

All Vendasta data is stored in the cloud within the United States across multiple geographically isolated regions. Infrastructure services include environmental controls and on-site security to provide best-in-class protection for your data. You can learn more here.

Data Security

All data is stored encrypted at rest using industry-leading encryption. Vendasta maintains backups of all critical information and uses identity and access management policies to restrict access to authorized systems and personnel.

Infrastructure Security

All application infrastructure is hosted in the cloud and makes use of “infrastructure as code” as a means of providing transparency and auditability. When possible, Vendasta automates patch management of cloud provider systems.

Application Security

Authentication

Vendasta uses single sign-on through trusted identity providers as the preferred means of authentication. Vendasta enforces password minimums, and stored passwords are saved securely as salted hashes. User login and password reset attempts are logged and audited for anomalous behaviour.

Secure Development (SDLC)

Secure coding training for all engineers is conducted annually with emphasis on OWASP Top Ten security risks. Vendasta incorporates code scanning and dependency vulnerability detection across the development lifecycle, from developer tools to our CI/CD pipeline.

Vulnerability Management

Our Responsible Disclosure Program gives security researchers an avenue for safely testing and notifying Vendasta of security vulnerabilities through our partnership with HackerOne.

HR Security

Policies

Vendasta has developed a comprehensive set of security policies derived from the Center for Internet Security (CIS) controls. These policies are made available to all employees and critical policies must be read and accepted prior to beginning job functions.

Training

All Vendasta employees undergo mandatory security awareness training annually. All engineers receive annual secure code training.

Personnel

Vendasta regularly audits employee access levels. Access is promptly removed upon employee departure.

FAQs
