Security & Compliance

Enterprise-grade security and data protection built for insurance and financial services

Certifications & Compliance

Industry-leading security standards and regulatory compliance

SOC 2 Type II

Certified

An annual SOC 2 Type II audit by an independent third party validates our security, availability, processing integrity, confidentiality, and privacy controls.

ISO 27001

Certified

ISO 27001 certified. Information Security Management System (ISMS) implemented following ISO standards.

GDPR Compliant

Full compliance with EU General Data Protection Regulation for data privacy and protection

CCPA Compliant

California Consumer Privacy Act compliance for US data subject rights

GLBA Aligned

Gramm-Leach-Bliley Act safeguards for financial services data protection

Data Protection & Encryption

Multiple layers of security protect your sensitive data

Encryption

  • In Transit: TLS 1.3 for all data transmission
  • At Rest: AES-256 encryption for stored data
  • Database Encryption: Field-level encryption for PII
  • Key Management: AWS KMS with automatic key rotation
  • API Security: OAuth 2.0 + JWT token authentication

Infrastructure Security

  • Cloud Provider: AWS GovCloud & commercial regions
  • Network Isolation: VPC with private subnets
  • DDoS Protection: AWS Shield Standard + Advanced
  • WAF: Web Application Firewall on all endpoints
  • Redundancy: Multi-AZ deployment with auto-failover

Access Controls

  • MFA Required: Multi-factor authentication for all users
  • RBAC: Role-based access control with least privilege
  • SSO Support: SAML 2.0 single sign-on integration
  • IP Whitelisting: Restrict API access by IP range
  • Session Management: Automatic timeout + re-authentication

Monitoring & Detection

  • 24/7 SOC: Security Operations Center monitoring
  • SIEM: Real-time security event correlation
  • Intrusion Detection: IDS/IPS on all network traffic
  • Vulnerability Scanning: Weekly automated scans
  • Penetration Testing: Annual third-party pen tests

Data Residency, Retention & Deletion

Full control over where your data lives and how long we keep it

Data Residency Options

Choose where your data is stored and processed to meet regulatory requirements.

  • United States: AWS US East (N. Virginia), US West (Oregon)
  • European Union: AWS EU (Frankfurt), EU (Ireland)
  • AWS GovCloud (US): For government & highly regulated entities

Data never leaves your chosen region. No cross-border transfers without explicit consent.

Retention & Deletion Policy

Default Retention Periods

  • Verification Records: 7 years
  • API Logs: 2 years
  • Audit Trails: 10 years
  • User Access Logs: 3 years

Custom Retention Available

Configure retention periods to match your internal policies or regulatory requirements. Automated deletion after retention period expires.

Audit Trails & Regulatory Support

Complete visibility and defensibility for every verification

Comprehensive Audit Logging

What We Log

  • Every VIN verification request (timestamp, user, IP)
  • API responses with risk scores and reasons
  • User authentication and access events
  • Evidence pack downloads and exports
  • Configuration changes and system updates
  • Data access and modification events

Audit Trail Features

  • Immutable logs (tamper-proof)
  • Cryptographic signing for integrity
  • Searchable via dashboard or API
  • Export to CSV, JSON, or SIEM
  • Real-time event streaming available
  • Long-term archival (10+ years)

Regulatory Alignment

Our audit trail capabilities support your compliance requirements for:

Insurance Denials & Referrals

Complete documentation showing why a claim was denied. Evidence supports SIU referrals and NICB submissions. Defensible in litigation.

Regulatory Audits

Demonstrate compliance with state insurance regulations. Provide examiners with full audit trail showing fraud prevention measures.

NICB Reporting

Evidence packs include all data needed for National Insurance Crime Bureau fraud submissions and law enforcement referrals.

Internal Compliance

Track adjuster decisions and SIU escalations. Monitor false positive rates. Demonstrate fraud controls to the board and auditors.

Procurement-Ready Documentation

Everything your procurement and legal teams need

Security Summary

High-level security overview for executive review. Covers certifications, encryption, access controls, and incident response.

Data Processing Agreement (DPA)

Standard and customizable DPA templates. GDPR-compliant. Defines data handling, processing, and subprocessor terms.

Architecture Diagram

Technical architecture overview showing data flows, encryption points, network topology, and redundancy design.

SOC 2 Report

Full SOC 2 Type II report available under NDA. Includes auditor opinion, test results, and control descriptions.

Data Retention Policy

Detailed policy document covering retention periods, deletion procedures, and backup/recovery processes.

Incident Response Plan

Security incident response procedures, notification timelines, escalation paths, and customer communication protocols.

Business Continuity & Disaster Recovery

Ensuring availability and resilience for mission-critical operations

High Availability Architecture

  • Multi-AZ Deployment: Active-active across availability zones
  • Auto-Scaling: Dynamic capacity adjustment for peak loads
  • Load Balancing: Distributes traffic across healthy instances
  • Health Checks: Automatic detection and failover
  • Database Replication: Real-time sync to standby
  • 99.95% Uptime SLA: Enterprise availability guarantee

Disaster Recovery

  • RTO (Recovery Time Objective): < 4 hours
  • RPO (Recovery Point Objective, data loss): < 1 hour
  • Automated Backups: Continuous + daily snapshots
  • Cross-Region Replication: Geographic redundancy
  • DR Testing: Quarterly disaster recovery drills
  • Runbooks: Documented recovery procedures

Security Contact & Vulnerability Reporting

We take security seriously—report issues responsibly

Report a Security Vulnerability

We appreciate responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to our security team.

Security Email
security@vindetect.com
PGP Key
Available for encrypted communication

Response Timeline

  • ✓ Initial response within 24 hours
  • ✓ Assessment and triage within 72 hours
  • ✓ Status updates every 5 business days
  • ✓ Public disclosure coordinated with reporter

Questions About Our Security?

Our security team is here to answer your procurement and compliance questions