Security Overview
Enterprise-grade security built into every layer of the VibeCoded platform.
Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Encryption keys are managed by AWS KMS with automatic annual rotation.
Access Control
Role-based access control (RBAC), SSO via SAML 2.0, and SCIM provisioning give administrators fine-grained control over who can access what.
Audit Logs
Every action in the platform — logins, data exports, permission changes — is recorded in an immutable audit log retained for up to 12 months.
Penetration Testing
We commission an independent third-party penetration test annually. Customers on Enterprise plans may request a copy of the most recent report.
Incident Response
A 24/7 on-call security team monitors for anomalies. In the event of a breach, affected customers are notified within 72 hours in line with GDPR obligations.
SOC 2 Type II
VibeCoded is SOC 2 Type II certified, covering the Security, Availability, and Confidentiality trust service criteria. The report is available under NDA on request.
Certifications & Standards
We maintain the following certifications and adhere to these frameworks:
- SOC 2 Type II — Security, Availability, Confidentiality (annual audit)
- ISO 27001 — Information Security Management (in progress, expected Q3 2026)
- UK GDPR & EU GDPR — Data Protection compliance
- Cyber Essentials Plus — UK Government-backed certification
Responsible Disclosure
We welcome reports of security vulnerabilities from the research community. If you believe you have found a security issue in VibeCoded, please email security@vibecoded.example with a description of the vulnerability and steps to reproduce it.
We commit to acknowledging your report within 24 hours, providing regular updates, and crediting researchers who responsibly disclose valid findings.
Please do not access, modify, or delete customer data during your research. We do not take legal action against researchers who follow this policy in good faith.