Security
Built for senders who can't afford a leak.
Encryption, audit-grade access controls, and an obsession with the boring details that keep your subscriber list safe.
Encryption everywhere
TLS 1.2+ in transit, AES-256 at rest. Database snapshots and backups are encrypted with separate keys.
Least-privilege access
Engineers access production through SSO + hardware MFA, scoped per task, fully audit-logged.
Compliance ready
SOC 2 Type II in progress. GDPR-aligned by default. DPA available with Standard Contractual Clauses.
No data resale, ever
We do not sell your data, share it with advertisers, or use your sends to train any AI model.
Hardened infrastructure
Hosted on tier-1 cloud regions with private VPCs, isolated environments, and 24/7 monitoring.
Continuous monitoring
Anomaly detection on auth, sending patterns, and infra. On-call rotation responds within minutes.
Independent audits
Annual third-party penetration tests. Vulnerability disclosure program with active researcher engagement.
Breach commitments
We notify affected customers within 72 hours of confirming any incident, with full forensic detail.
Reports & requests
Need our SOC 2 letter, pen-test summary, or a signed DPA?
We share security documentation under NDA with prospects and customers in procurement. Email security@notifyvero.com and we'll respond within one business day.