Security at Veridexa
This page is maintained by Veridexa to describe the controls we currently operate. It is not a certification — for compliance artifacts and questionnaires, contact our team.
Protecting customer data
Encryption in transit
All traffic to Veridexa endpoints is served over TLS 1.2+.
Encryption at rest
Documents and derived data are encrypted at rest using AES-256.
Least-privilege access
Access to production data is scoped, logged, and reviewed on a rolling basis.
Isolated environments
Development, staging, and production run in separate environments with separate credentials.
Secure development
Changes flow through code review, automated testing, and dependency scanning before reaching production. We track and patch vulnerabilities in third-party dependencies on a regular cadence.
Reporting a vulnerability
If you believe you have found a security issue, please email security@veridexa.io. We acknowledge reports within two business days.
More
See our Trust Center, subprocessors, and Data Processing Agreement for more detail.