Vanture Security Policy

Protecting your data is central to our mission of making trade sourcing transparent, data-driven, and trustworthy.

At Vanture, we recognize that our customers entrust us with sensitive business information. Protecting this data is central to our mission of making trade sourcing transparent, data-driven, and trustworthy. This document outlines the security measures, policies, and commitments we maintain to safeguard our platform and users.

1. Data Protection

Encryption

  • All data transmitted between users and our servers is protected using TLS 1.2+ encryption.
  • Data at rest is encrypted with AES-256 standards.
  • Sensitive fields (e.g., credentials, identifiers) are encrypted before storage.

Data Storage and Retention

  • Data is stored in secure cloud environments located in compliance with regional data protection regulations.
  • Regular backups are maintained to ensure resilience and continuity.
  • Data retention policies align with operational and legal requirements, with options for deletion upon request.

2. Platform Security

Infrastructure Security

  • Hosted on secure, industry-leading cloud providers with physical and logical safeguards.
  • Firewalls and intrusion detection/prevention systems (IDS/IPS) monitor all network traffic.
  • Separation of environments (development, staging, production) to reduce risk of unauthorized cross-access.

Application Security

  • Role-based access control (RBAC) ensures least-privilege access.
  • Input validation and sanitization prevent injection attacks.
  • Regular penetration testing and third-party security audits validate platform resilience.

3. Account & User Security

Authentication

  • Secure password enforcement (minimum length, complexity requirements, and hashing).
  • Optional Two-Factor Authentication (2FA) available for all accounts.
  • Automated session timeouts for inactive sessions.

Monitoring

  • Real-time monitoring of login attempts and suspicious activity.
  • Automatic account lockout after repeated failed login attempts.
  • Email alerts for unusual access patterns.

4. Operational Security

Employee Access Controls

  • Access to production systems is limited to authorized personnel under strict approval workflows.
  • All employees undergo security awareness and compliance training.
  • Device and endpoint security enforced via company-wide policies.

Vendor & Partner Management

  • Third-party vendors are vetted for compliance with international security standards.
  • Data sharing is limited to what is strictly necessary, under contractual safeguards.
  • Periodic vendor security reviews ensure ongoing compliance.

Incident Response

  • Documented and tested incident response procedures.
  • 24/7 monitoring for system anomalies.
  • Clear escalation paths for communication with affected users in case of a breach.

5. Compliance & Privacy

Vanture operates as a GDPR-ready platform, respecting user rights to access, correction, portability, and deletion.

Data processing agreements (DPAs) are available upon request.

Security and compliance practices align with industry standards such as ISO 27001 and SOC 2 principles.

6. Shared Responsibility

We believe security is a partnership. While Vanture provides strong safeguards, users play a role in protecting their accounts by:

  • Using strong, unique passwords.
  • Enabling 2FA.
  • Reviewing account activity and reporting suspicious behavior.

7. Contact

For security-related inquiries, responsible disclosure, or to report a vulnerability, contact our security team:

📧security@vanture.in