Security at Vectary

Every day, thousands of people design and share projects created in Vectary. Your work is valuable, and we strive to ensure that your privacy and data are never compromised. Below are key measures we've put in place:

Compliance

Vectary complies with ISO 27001, GDPR, and CCPA regulations.

What is ISO 27001

ISO 27001 is the globally accepted standard for assessing the life cycle of an organization’s security practices. It is a rigorous assessment of both risk, compliance, and governance that verifies that an organization has a mature, well-managed approach to information security. Vectary has achieved ISO 27001 compliance.

Security practices

Gaining and preserving the trust of our users has always been a significant priority at Vectary.

Data security

  • Our services are hosted in Amazon Web Services (AWS) facilities in Ireland, ensuring protection against single data center failures.
  • We maintain a clear separation of our production, staging, and development environments.
  • Classified data is encrypted and securely stored and managed.
  • All our AWS data services have been configured to use AES 256-bit key encryption at rest.

Product security

  • Our continuous delivery practices ensure a safe, reliable, and rapid rollout of changes.
  • We conduct regular vulnerability scans and penetration tests.
  • An incident management process is in place to handle security breaches.

Infrastructure & network

  • We use TLS to secure data transport and have implemented HTTP Strict Transport Security to defend against downgrade attacks.
  • Network segmentation is a key part of our security strategy.
  • Our hosting environment ensures data security and availability.

Operational security

  • User data is redundantly stored at multiple AWS data centers and is continuously backed up.
  • We maintain a risk assessment strategy and methodology and adhere to a rigorous access management principle.

Organizational security

  • Security training is mandatory for all employees.
  • We maintain an accurate inventory of all networks, services, servers, and devices.
  • A dedicated Information Security Team ensures the protection of customer data.

Enterprise level security

  • Business customers have additional features to provide more customization and privacy, including Single sign-on (SSO) and Role-Based Access Control (RBAC).
  • We use a global CDN to prevent network attacks and keep Vectary highly available.

If you have any security concerns, feel free to reach out at security@vectary.com