Security & Compliance

Vexera is built to protect your source code, scan results, and infrastructure credentials. Every layer of our platform is designed with security as the default.

Security Controls

View all 37 controls

Infrastructure Security9

Production access restricted to key personnel

Production deployment access restricted

Remote access encrypted

+6 more

Product Security10

Encryption at rest

Encryption in transit

Encryption key access restricted

+7 more

Data Handling8

Zero-training policy with AI providers

Automatic PII redaction

EU data residency for primary storage

+5 more

Operational Security10

Incident response plan documented

Incident management procedures followed

Encrypted offline backups

+7 more

Subprocessors

View all

VendorPurposeData Region

MongoDB, Inc.

Primary application database

Redis Ltd.

Job queue, caching, and session management

Cloudflare, Inc.

CDN, DDoS protection, WAF, DNS, domain management, and object storage (R2)

Stripe, Inc.

Payment processing and invoicing

xAI Corp.

AI model inference for vulnerability analysis

Resources

View all

How we collect, process, and protect personal data under GDPR

View

Data Processing Agreement

GDPR Article 28 DPA for when Vexera acts as processor

View

Security Controls

Technical and organizational measures protecting your data

View