We hold our own security to the same standard we hold for every client we protect. This page documents our certifications, practices, policies, and commitments — in plain language, with no fine print.
Our certifications are not marketing badges — they are independently audited attestations of the controls we operate every day. We pursue certifications that matter to the clients we serve and the industries we protect.
VANGUR AI operates under the same security standards we deliver to our clients. Our internal infrastructure, tooling, and processes are subject to continuous monitoring, access controls, and regular third-party assessments — because we believe a security company that can't secure itself has no business securing others.
Every access request — internal or external — is authenticated, authorized, and continuously validated. No implicit trust. No standing privilege.
All data at rest is encrypted with AES-256. All data in transit uses TLS 1.2+ with certificate pinning enforced on client-facing services.
Our own infrastructure is scanned daily. We conduct quarterly internal pentests and an annual third-party red team engagement — no exceptions.
Every employee and system account is granted the minimum access required to perform its function. Access is reviewed quarterly and revoked immediately upon role change.
All employee devices are enrolled in MDM, run EDR agents with real-time protection, require full-disk encryption, and enforce phishing-resistant MFA for all applications.
All staff complete role-specific security training quarterly. Simulated phishing campaigns run monthly. Security culture is built into onboarding — day one, not day ninety.
We handle client data with the same discipline we apply to our own. Our data governance framework defines exactly what data we collect, why we collect it, how it is stored, who can access it, and when it is deleted — with no ambiguity and no exceptions.
We collect only the data required to deliver our services. No behavioral tracking, no advertising profiles, no secondary use of client telemetry. Data collected for security monitoring stays in the security monitoring context — period.
We support data residency requirements for clients in regulated industries and jurisdictions. Client data can be scoped to specific regional infrastructure, and we provide written documentation of data flows upon request for compliance and audit purposes.
Trust is built through transparency, especially in moments of adversity. Our disclosure and incident response commitments ensure that our clients and the broader security community are never left in the dark.
All VANGUR AI policies are reviewed and updated annually — or sooner when material changes occur. Clients are notified of substantive policy changes with a minimum of 30 days' notice.
Our security team is available to answer questions, share audit reports under NDA, or discuss specific compliance requirements for your organization.
security@vangur.ai