Security at Vaultrice
At Vaultrice, the security of your data is our highest priority. We are committed to providing a secure and reliable platform by implementing multi-layered security measures across our infrastructure, application, and organization.
Infrastructure Security
Our service is built upon the secure and resilient global network of Cloudflare, one of the world's leading infrastructure providers.
- Global Network: The Vaultrice application and API are hosted and protected by Cloudflare's network, which provides robust security against DDoS attacks, data breaches, and other threats.
- Physical Security: All physical security for the servers, networks, and data centers is managed by Cloudflare, which adheres to the highest standards of physical access control and monitoring.
Data Protection
We employ multiple layers of encryption to protect your data both in transit and at rest.
- Encryption in Transit: All data transmitted between your application and the Vaultrice service is encrypted using industry-standard TLS (Transport Layer Security).
- Encryption at Rest: We enforce multiple levels of at-rest encryption:
  - All data is automatically encrypted at rest on our infrastructure provider's platform.
  - For sensitive user and system data (such as usernames, emails, and API keys), we apply an additional layer of application-level encryption before it is stored in our database.
- Automatic Encryption at Rest for API/SDK usage: You can enable our Security Level 2 feature. This applies application-level encryption to your data automatically, in the same way as the application-level encryption described above, before it is stored at rest in Cloudflare.
- End-to-End Encryption (E2EE) for API/SDK usage: For maximum data confidentiality, you can enable our Security Level 3 feature. This encrypts your data on your device before it is ever sent to our servers, ensuring that only you can decrypt and read your data.
Application Security
We design our application with security at the forefront to protect your account and your data.
- Password and Credential Security: User passwords and API secrets are never stored in plaintext. They are stored using strong, industry-standard salting and hashing algorithms.
- API Key Restrictions: You can lock down API keys by IP address or origin (domain), or restrict them to read-only or write-only mode, to limit their permissions and prevent misuse.
- Object ID Signature Verification: For advanced security, you can enable our Security Level 1 feature, which requires every request to be signed by your backend server. This ensures that only authorized clients can access or create data objects, even if they hold a valid API key.
Organizational Security
Our internal policies and procedures are designed to maintain a high standard of security and data protection.
- Access Control: Access to our production infrastructure is strictly limited to authorized personnel based on the principle of least privilege. All access to critical systems requires Multi-Factor Authentication (MFA).
- Employee Policies: All of our employees are subject to confidentiality agreements and undergo regular security and privacy training to stay up-to-date with the latest best practices.
- Incident Response: We have a formal process for handling security incidents. In the event of a security breach, we are committed to investigating the matter promptly, taking all necessary steps to mitigate the impact, and notifying affected customers without undue delay.
Compliance
Our service is designed to comply with major international data protection and privacy regulations, including GDPR, CCPA and the Swiss FADP. For more details, please review our Privacy Policy, Data Processing Addendum (DPA) and Terms of Service.
Responsible Disclosure
We value the work of security researchers. If you believe you have discovered a security vulnerability in our service, please report it to us at support@vaultrice.com. We are committed to working with you to understand and resolve the issue in a timely manner.