Vincony

Security at Vincony

We take the security of your data seriously. Here's how we protect your information and maintain compliance with international privacy regulations.

Last internally reviewed: Q1 2026 · GDPR Ready · CCPA Compliant · 256-bit Encryption · SOC 2 Readiness

  • Uptime target: 99.9%
  • Encryption at Rest: AES-256
  • Encryption in Transit: TLS 1.3
  • Incident Response: <24h

  • All data encrypted at rest using AES-256 encryption
  • TLS 1.3 encryption for all data in transit
  • Hosted on enterprise-grade cloud infrastructure with SOC 2 certified providers
  • Automated backups with point-in-time recovery
  • Network isolation and firewall rules enforced at the infrastructure level
  • Ongoing internal security reviews and automated dependency scanning
  • Secure password hashing using bcrypt with per-user salts
  • Leaked password protection — passwords checked against known breach databases
  • Row-Level Security (RLS) policies on all database tables
  • JWT-based session management with automatic token refresh
  • API keys encrypted server-side using AES-GCM before storage
  • Role-based access control for admin and team features
  • Prompts and generation metadata retained for 90 days, then permanently deleted
  • We do not use your data to train AI models
  • BYOK (Bring Your Own Key) support — use your own API keys with full encryption
  • Right to deletion — request complete data removal at any time
  • Cookie consent with granular preferences (GDPR/CCPA compliant)
  • Do Not Track (DNT) browser signal respected
  • All sub-processors contractually bound to data protection standards
  • AI model providers: OpenAI, Anthropic, Google — enterprise-grade security
  • Payment processing: Stripe (PCI DSS Level 1 certified)
  • Email delivery: Resend (SOC 2 compliant)
  • Regular review of sub-processor security posture
  • 24-hour incident detection and response capability
  • 72-hour breach notification timeline per GDPR requirements
  • Post-incident review and remediation procedures
  • Dedicated security contact for urgent reports
  • Audit logging for all administrative and sensitive operations

Enterprise Security Features

Workspace Isolation

Each workspace operates in its own security boundary with separate access controls and audit trails.

IP Allowlisting

Restrict workspace access to specific IP ranges. Available on Business and Enterprise plans.

Audit Logging

Comprehensive audit logs for all administrative actions, data access, and team member activity.

Data Retention Controls

Configure per-workspace retention policies for chat history, generations, and audit logs.

Spend Controls & Budgets

Set per-workspace and per-member credit budgets with automatic alerts and hard caps.

Compliance Profiles

Pre-configured model-access guardrail profiles (US Legal Safe, Medical Safe, Financial Safe, Enterprise Safe) that restrict which models can be used.

Responsible Disclosure

Found a vulnerability? We run a bug bounty program with safe harbor, a Hall of Fame, and rewards in credits. Report it responsibly and we'll work with you to fix it fast.

Need enterprise-grade security?

Get custom DPAs, dedicated infrastructure, SSO, and priority incident response.

For a comprehensive overview for your security team, visit our Trust Center.

For data processing agreements and legal documentation, see our DPA, Privacy Policy, and Terms of Service.

Need a SOC 2 readiness report or custom DPA? Contact Sales · 99.9% uptime target for paid plans.

Last updated: Q1 2026
