Security at Vendasta
Security, safety and privacy are our top priority. If you have any questions, or encounter any issues, please contact us.
All Vendasta data is stored in the cloud within the United States across multiple geographically isolated regions. Infrastructure services include environmental controls and on-site security to provide best-in-class protection for your data. You can learn more here.
All data is stored encrypted at rest using industry-leading encryption. Vendasta maintains backups of all critical information and uses identity and access management policies to restrict access to authorized systems and personnel.
All application infrastructure is hosted in the cloud and makes use of “infrastructure as code” as a means of providing transparency and auditability. When possible, Vendasta automates patch management of cloud provider systems.
Vendasta uses single sign-on through trusted identity providers as the preferred means of authentication. Vendasta enforces password minimums, and stored passwords are saved securely as salted hashes. User login and password reset attempts are logged and audited for anomalous behaviour.
Secure Development (SDLC)
Secure coding training for all engineers is conducted annually with emphasis on OWASP Top Ten security risks. Vendasta incorporates code scanning and dependency vulnerability detection across the development lifecycle, from developer tools to our CI/CD pipeline.
Our Responsible Disclosure Program gives security researchers an avenue for safely testing and notifying Vendasta of security vulnerabilities through our partnership with HackerOne.
Vendasta has developed a comprehensive set of security policies derived from the Center for Internet Security (CIS) controls. These policies are made available to all employees and critical policies must be read and accepted prior to beginning job functions.
All Vendasta employees undergo mandatory security awareness training annually. All engineers receive annual secure code training.
Vendasta regularly audits employee access levels. Access is promptly removed upon employee departure.