Security & Data Handling

Infrastructure security and data handling practices for Revenue-Stage Monitoring Infrastructure.

Infrastructure Security

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Database connections are secured and credentials are never stored in plain text.

Access Controls

Role-based access control (RBAC) ensures users can only access data associated with their company. Authentication uses secure password hashing (bcrypt) and JWTs for session management.

Monitoring & Audit Logging

All system actions are logged with timestamps, user identification, and action types. Audit logs are retained for compliance and security analysis.

Backups

Daily encrypted backups are performed with 30-day retention. Backup restoration procedures are tested regularly.

Secure Authentication

Passwords are hashed using bcrypt with appropriate salt rounds. Session tokens expire after inactivity. A multi-factor authentication (MFA) roadmap is available upon request.

Data Handling

Data Collection

VectriOS collects the following data:

  • Company profile information (name, website, ICP description, revenue objectives)
  • Content URLs provided for structural analysis
  • Performance metrics (close rates, ARR, deal size) when provided
  • Structural assessment results and risk history
  • Monitoring configuration and drift events

VectriOS does not access customer CRM data unless explicitly provided.

Data Storage

All data is stored in PostgreSQL databases hosted on secure cloud infrastructure. Data is encrypted at rest and access is restricted to authorized personnel only.

Data Retention

Structural assessments are retained for the duration of active monitoring plus 90 days after account closure. Risk history is retained for 2 years for trend analysis. See our Data Retention & Deletion Policy for details.

Data Deletion

Account deletion triggers an immediate soft delete. A hard delete occurs after 90 days. All associated data (assessments, risk history, monitoring data) is permanently removed. See our Data Retention & Deletion Policy for complete deletion procedures.

GDPR / EU Compliance

Lawful Basis for Processing

VectriOS processes personal data based on contractual necessity (service provision) and legitimate interest (monitoring and analysis). Consent is obtained during account creation.

Data Subject Rights

EU data subjects have the right to:

  • Access: Request a copy of all personal data held
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of personal data
  • Portability: Export data in machine-readable format
  • Objection: Object to processing based on legitimate interest

Requests can be submitted via email to privacy@vectrios.com or through account settings.

Data Processing Agreement (DPA)

A standard DPA is available upon request for enterprise customers. Custom DPA terms can be negotiated for high-volume contracts.

Data Export

All monitoring data can be exported in PDF or CSV format. The export includes:

  • Structural assessment history
  • Risk index progression
  • Drift events and volatility metrics
  • Revenue impact projections
  • Executive summaries

Export functionality is available in the dashboard under account settings. Enterprise customers can request bulk exports via support.

Compliance Roadmap

VectriOS is committed to enterprise-grade security and compliance. SOC 2 Type II certification is planned for Q3 2025. Current security practices align with SOC 2 requirements.

For specific compliance requirements or security questionnaires, contact security@vectrios.com.