New:What Replaces the Resume
    Vetano

    Trust & Security

    How we protect your data and our platform.

    Security is foundational to Vetano. We build on SOC 2 Type II–certified infrastructure, enforce least-privilege access, and align our practices with GDPR, CCPA/CPRA, and the ISO 27001 control framework.

    Compliance status

    Today

    • • GDPR-aligned data handling
    • • CCPA/CPRA opt-out + GPC honored
    • • Built on SOC 2 Type II infrastructure
    • • HIPAA-eligible backend (BAA available on request)

    On the roadmap

    • • SOC 2 Type II (Vetano-issued report)
    • • ISO 27001 certification
    • • Annual third-party penetration test
    • • Public status page with historical uptime

    Enterprise buyers: we can share our Security Overview and respond to security questionnaires today. Email security@vetano.com.

    How we protect your data

    Encryption everywhere

    All traffic uses TLS 1.2+ in transit. Data at rest is encrypted with AES-256. Passwords are hashed with industry-standard algorithms — never stored in plaintext.

    Least-privilege access

    Row-Level Security on every database table. Admin access requires multi-factor authentication. Internal access is reviewed regularly and revoked on role change.

    Hardened infrastructure

    Hosted on SOC 2 Type II–certified providers (Supabase, Vercel/Lovable, AWS). Automatic daily backups with point-in-time recovery. Logical isolation between environments.

    Continuous monitoring

    Uptime, error, and security event monitoring with alerting. Admin actions are written to an immutable audit log. Suspicious behavior triggers automated review.

    Privacy by design

    GDPR-aligned. CCPA/CPRA opt-out + Global Privacy Control honored. Cookie consent with granular controls. Minimum data collection by default.

    Incident response

    Documented playbook for security events. Customer notification within 72 hours for any confirmed breach affecting personal data, in line with GDPR.

    Resources

    Sub-processors

    Every vendor we use and what data they touch.

    Privacy Policy

    What we collect, why, and how long we keep it.

    security.txt

    Standard security contact & disclosure policy.

    Responsible disclosure

    Found a vulnerability? Please report it privately to security@vetano.com. We commit to acknowledge reports within 2 business days and provide a remediation timeline within 10 business days for confirmed issues. We ask researchers to avoid automated scanning that degrades service, accessing data that is not their own, and public disclosure before a fix is shipped.

    We are happy to credit researchers in this section with their permission.

    Need our Security Overview or a security questionnaire response?

    We respond within 1 business day.

    security@vetano.com