Vectis
Security & Trust

Enterprise-grade security for your global workforce data

SOC 2 Type II certified. ISO 27001. GDPR compliant. AES-256 encryption everywhere. Vectis is built to meet the security requirements of the world's most compliance-conscious companies.

SOC 2 Type II · ISO 27001 · AES-256 encryption · 99.9% uptime SLA

Security Status

All systems secure
Encryption at rest: AES-256
In transit: TLS 1.3
Uptime SLA: 99.9%
Vuln patching: < 24h

Certifications & compliance

SOC 2 Type II

Annual independent audit across all 5 trust service criteria.

Conducted by a Big 4 auditor. Full report available to enterprise customers under NDA.

ISO 27001

Information security management system certified.

Covers our entire platform, infrastructure, and internal processes.

GDPR Compliant

EU General Data Protection Regulation.

Full DPA available. SCCs for cross-border transfers. Data residency options in EU, US, APAC.

CCPA Compliant

California Consumer Privacy Act.

Data access, deletion, and opt-out rights fully supported.

Security features

Every layer of security your organization needs — encryption, access control, infrastructure, and more.

End-to-end encryption

AES-256 encryption for all data at rest. TLS 1.3 for all data in transit. Encryption keys managed in a dedicated key management service with automatic rotation.

Role-based access controls

Granular RBAC with defined permission tiers: admin, manager, finance view, read-only. Every action is logged in a tamper-evident audit trail with user, timestamp, and IP.

Enterprise infrastructure

99.9% uptime SLA. Multi-region redundancy in AWS (EU/US/APAC). Automated failover. Dedicated infrastructure available for Enterprise tier customers.

SSO & identity management

Native SSO via SAML 2.0 and OIDC. Compatible with Okta, Azure AD, Google Workspace, and OneLogin. SCIM provisioning for automated user lifecycle management.

Data residency

Choose where your employee data is stored: EU (Frankfurt), US (Virginia), or APAC (Singapore). All regions include encryption at rest and geo-redundant backups.

Continuous monitoring

Automated vulnerability scanning, dependency monitoring, and intrusion detection running 24/7. Penetration tests conducted twice annually by an independent firm.

Our security commitments

Security isn't a checkbox at Vectis — it's a continuous operating discipline. Here's what we do to keep your data safe.

Independent pen testing

Conducted twice annually by a third-party security firm. Critical findings remediated within 24 hours.

Vendor security assessments

Every third-party vendor and sub-processor is assessed against our security standards before access is granted.

Employee security training

All employees complete security awareness training quarterly, with role-specific training for engineering and operations.

Incident response plan

Documented and tested IR plan. Customer notification within 72 hours of a confirmed breach, per GDPR requirements.

Data retention & deletion

Clear retention schedules by data category. Customers can request full data deletion and receive a certificate of destruction.

Bug bounty program

Responsible disclosure policy with rewards for valid security findings. Report to security@vectis.com.

G2 · 4.9/5
"Our security team is notoriously thorough. We ran Vectis through a full vendor assessment — SOC 2, pen test results, architecture review. They passed everything. Fastest procurement approval I've seen for an HR system."
Sarah W.
CISO · Enterprise FinTech, regulated in 12 jurisdictions

Available documentation

SOC 2 Type II report (under NDA)
ISO 27001 certificate
Penetration test executive summary
Completed security questionnaires (SIG Lite, CAIQ)
Data Processing Agreement (DPA)
Subprocessor list

Enterprise security features — SSO, SCIM, data residency, dedicated infra — available on Enterprise plan.


Security FAQs

Answers to the questions your security and legal teams will ask.

Questions about security? We'll answer them.

Our security team completes questionnaires in 5 business days and provides full documentation for enterprise procurement.

SOC 2 Type II · ISO 27001 · GDPR · AES-256 encryption

Request our full security documentation pack — delivered in 5 business days
