Legal
How we protect your financial data
All data is encrypted using AES-256 at rest. All communications are protected by TLS 1.3.
PostgreSQL RLS policies ensure complete data isolation between organizations. No user can access another organization's data.
New accounts require explicit administrator approval before access is granted. No self-service activation.
All data uploads, deletions, and access events are timestamped and logged for audit purposes.
Vantage is hosted on Netlify (global CDN) with a Supabase PostgreSQL backend. Both providers maintain SOC 2 Type II compliance and ISO 27001 certification. SSL/TLS certificates are automatically managed and renewed.
If you discover a security vulnerability, please report it directly to your system administrator. We take all security reports seriously and will investigate promptly.
All responses include X-Frame-Options (DENY), Content-Security-Policy, X-Content-Type-Options (nosniff), Referrer-Policy, Permissions-Policy, and HSTS headers to protect against common web vulnerabilities.