Security
Your engineering team's data is protected with enterprise-grade security measures.
Last updated: February 2025
Data Location
Vereda AI infrastructure is hosted in the United States using industry-leading cloud providers:
- Primary Database: Supabase (powered by AWS) - US East region
- Application Hosting: Render - US-based data centers
- Authentication: Clerk - US-based infrastructure
- AI Processing: OpenAI and Anthropic APIs - US-based processing
All data remains within the United States unless explicitly configured otherwise for enterprise customers with specific data residency requirements.
Encryption
In Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS on all connections.
At Rest
All data stored in our database is encrypted at rest using AES-256 encryption. This includes user data, engineering metrics, and all associated metadata.
Backup Encryption
Database backups are encrypted using the same AES-256 standard and stored in geographically separate locations for disaster recovery.
Infrastructure Security
- Access Control: Role-based access control (RBAC) with the principle of least privilege
- Authentication: Multi-factor authentication available for all accounts
- API Security: Rate limiting, request validation, and API key authentication
- Audit Logging: Comprehensive audit logs for security-relevant actions
- Vulnerability Management: Regular security assessments and dependency updates
- Network Security: Firewall rules, DDoS protection, and network isolation
Compliance
Vereda AI is committed to meeting the highest security and compliance standards:
- SOC 2 Type II: Audit in progress
Our infrastructure providers (AWS, Supabase, Render) maintain SOC 2 Type II, ISO 27001, and other relevant certifications.
Data Handling Practices
Data Minimization
We only collect and process data necessary to provide our services. Personally identifiable information (PII) is not shared with AI providers.
Data Retention
Data is retained only as long as needed to provide services. Upon account termination, data is deleted within 30 days unless we are legally required to retain it.
Third-Party Integrations
Integrations with tools like GitHub, Jira, and Slack use OAuth and read-only access where possible. We never store your integration credentials directly.
Security Contact
For security concerns, vulnerability reports, or compliance inquiries:
Email: support@vereda.ai
For enterprise security reviews, custom data residency requirements, or BAAs, please contact us directly.