Security, compliance, and privacy at Velum Labs
We take the security of your data seriously. Learn about our certifications, security practices, and commitment to protecting your information.
CERTIFICATIONS & COMPLIANCE
SOC 2 Type II
Annual third-party audit verifying our security controls meet AICPA standards for security, availability, and confidentiality.
ISO 27001
International standard for information security management systems, demonstrating a systematic approach to security.
GDPR Compliant
Full compliance with EU General Data Protection Regulation for processing personal data of EU residents.
CCPA Compliant
Compliance with California Consumer Privacy Act requirements for handling California residents' personal information.
HIPAA Ready
Infrastructure and processes designed to support HIPAA compliance for healthcare data processing.
CSA STAR
Cloud Security Alliance STAR certification demonstrating cloud security best practices.
SECURITY ARCHITECTURE
End-to-End Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Customer-managed encryption keys are available for enterprise.
Access Controls
Role-based access control (RBAC), multi-factor authentication, and SSO integration with major identity providers.
Data Residency
Choose your data region: US, EU, or APAC. Data never leaves your selected region without explicit consent.
Penetration Testing
Regular third-party penetration tests and a bug bounty program. Results available under NDA.
POLICIES & DOCUMENTATION
Privacy Policy
How we collect, use, and protect your personal information.
Terms of Service
The legal agreement governing your use of Velum Labs services.
Data Processing Agreement
Standard contractual clauses for GDPR-compliant data processing.
Security Whitepaper
Detailed technical documentation of our security architecture.
Subprocessors List
Current list of third-party subprocessors who may process your data.
Incident Response Plan
Our procedures for detecting, responding to, and recovering from security incidents.
FREQUENTLY ASKED QUESTIONS
How do you handle data breaches?
We maintain a comprehensive incident response plan. In the event of a breach affecting your data, we will notify you within 72 hours as required by GDPR, provide details of the incident, and outline remediation steps taken.
Can I get a copy of your SOC 2 report?
Yes, SOC 2 Type II reports are available to customers and prospects under NDA. Please contact our security team to request a copy.
Do you support single sign-on (SSO)?
Yes, we support SAML 2.0 and OIDC-based SSO with all major identity providers including Okta, Azure AD, Google Workspace, and OneLogin.
Where is my data stored?
You choose your data region during onboarding. Options include US (AWS us-east-1), EU (AWS eu-central-1), and APAC (AWS ap-southeast-1). Data replication stays within your selected region.
How do you handle data deletion requests?
We honor all data deletion requests within 30 days. Upon account termination, all customer data is permanently deleted from our systems within 90 days, with certification available upon request.