VendoSec was engineered with security at its foundation — not as an afterthought. Every architectural decision, from infrastructure to data handling, is made to protect your vendor data and your customers' trust.
Compliance & Standards
VendoSec aligns with major privacy regulations and security standards so your security team can deploy with confidence.
Privacy Practices
VendoSec acts as a data processor on your behalf. We do not sell, rent, or share your data with third parties for advertising or any commercial purpose outside of delivering the platform.
We collect only what is necessary to operate the service — organization and user information, vendor assessments, uploaded documents, and platform usage data for product improvement.
Personal data is retained only as long as needed to deliver the service or as required by law. Upon contract termination, customer data is deleted within 30 days upon request.
Vendor & Assessment Data
All vendor profiles, assessments, and evidence are scoped to your organization only. Remediation tracking and notes never leave your tenant boundary.
Subservice organization and fourth-party data is stored under your organization partition. No vendor data is visible to VendoSec staff without explicit authorization from the customer.
Data export and deletion are available upon request per our Data Processing Agreement (DPA).