Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Overview

At Vanilla, security, trust, and data protection are integral to our business. Vanilla maintains a rigorous security and compliance program, including clean SOC 2 Type II reports (since we began audits in 2022). We routinely meet and exceed the complex requirements of our global financial institution customers.

If you have additional questions, please contact us at legal@justvanilla.com.

Compliance

SOC 2 Logo
SOC 2

Vanilla is reviewed and trusted by

Linford & Company LLP-company-logoLinford & Company LLP
Mariner-company-logoMariner
Baird-company-logoBaird
Vanguard-company-logoVanguard

Documents

Featured Documents

REPORTSSOC 2 Type II
SELF-ASSESSMENTSSIG Lite
REPORTSPenetration Testing Report
ARTIFICIAI INTELLIGENCE (VAI)AI Security FAQs
LEGAL + COMPLIANCEFAQs about Vanilla data usage and MSA
LEGAL + COMPLIANCECyber Insurance (Cert of Insurance)
LEGAL + COMPLIANCEW-9
Knowledge Base (FAQ)
    Does Vanilla have a SOC 2 audit?
    What were the results of Vanilla's latest pen test, and what remediation was done?
    Does Vanilla have a vulnerability management process?
    Does Vanilla have a business continuity plan/ disaster recovery plan?
    Do employees do security and privacy training?
View more

Risk Profile

Data Access LevelRestricted
Recovery Time Objective6 hours
HostingMajor Cloud Provider

Product Security

Audit Logging
Data Security
Integrations
View more

ArtificiaI Intelligence (VAI)

AI Risk Management
AI Security FAQs
AI Third Party Contracts and Diligence
View more

Self-Assessments

SIG Lite

Policies

Acceptable Use Policy
Incident Response Plan
Access Control Policy
View more

Reports

Penetration Testing Report
Network Diagram
SOC 2 Type II

Legal + Compliance

SubprocessorsAmazon Web Services (AWS)-company-logoSalesforce-company-logoMicrosoft Azure-company-logoAmazon Web Services-company-logo
Cyber Insurance (Cert of Insurance)
Master Services Agreement
View more

Data Privacy

Data Into System
Data Privacy Officer
Employee Privacy Training

Data Security

Access Monitoring
Data Backups
Encryption-at-rest
View more

App Security

Application Penetration Testing
Credential Management
Software Development Lifecycle
View more

Access Control

Data Access
Password Security

Infrastructure

Status Monitoring
Amazon Web Services
BC/DR

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Threat Detection

Corporate Security

Asset Management Practices
Employee Background Checks
Employee Training
View more

Incident Response

Designated Response Personnel
Incident Reporting Process

Risk Management

Risk Assessments
Supply Chain Risk Management

BC/DR

Business Continuity Plan (BCP)
Tabletop Exercises

Training

Employee Privacy Training
Phishing Training
Role-Based Training
View more

Asset Management

Asset Inventories (Hardware/Software)
Secure Asset Disposal

If you need help using this Trust Center, please contact us.

Contact Support
Powered bySafeBase Logo