Security
The real version of "we take security seriously."
TLS 1.3 in transit. AES-256 at rest. Database backups encrypted with separate keys.
Every table is RLS-protected. You see your tenant's data — never anyone else's. Enforced in the database, not in app code.
TOTP-based 2FA available for all users. Sessions auto-expire on inactivity. Re-auth required for sensitive actions.
Owner, AOR, assessor, viewer, client liaison. Server-side validated. No client-side role checks.
Every read of sensitive data is logged with user, IP, timestamp, and action. Logs are tamper-evident.
We run NIST 800-171 internally. Our own assessments live in this same platform — we eat our own cooking.
Hosting & infrastructure
VeeSafe runs on managed cloud infrastructure with SOC 2 Type II–certified providers. Production data lives in US-East regions. We use isolated environments for development, staging, and production with no shared credentials between them.
Backups & continuity
Continuous database backups with point-in-time recovery for the last 30 days. We test restore procedures quarterly. RTO is 4 hours; RPO is 5 minutes for the database tier.
Vulnerability management
Dependency scanning runs on every commit. Database security linter runs on every schema change. Security findings are triaged within 1 business day.
Incident response
If we have a security incident that affects your data, we'll tell you within 72 hours with what happened, what data was involved, and what we're doing about it. No spin.
Customer responsibilities
Use a strong unique password. Enable 2FA. Don't share share-link tokens publicly. Review your audit log monthly. We can't enforce these for you — that part is on you.