Security
Security is core to what we build for clients — and to how we run our own systems.
Our practices
- Least-privilege access and audited credentials for all infrastructure.
- Encryption in transit (TLS) and at rest for data we hold.
- Input validation, rate limiting, and spam protection on all public endpoints.
- Dependency and configuration review as part of our delivery pipeline.
Compliance
Our client engagements are designed to meet SOC 2, HIPAA, and FedRAMP-aligned controls where required. Reach out for our current attestations.
Responsible disclosure
If you believe you've found a vulnerability in this site or our services, please email [email protected] with details. We'll acknowledge within two business days and keep you updated. Please give us reasonable time to remediate before public disclosure.
Contact
General security questions: [email protected].
Template noticeThis page describes intended practices for the VertexStudio site and is a starting point, not a formal attestation.