Security & Trust

Built for the team that has to sign off.

Observability touches your most sensitive data, the prompts and answers your product runs on. Here is exactly how we protect them, and how to keep them inside your own walls.

  • SOC 2 Type II
  • GDPR ready
  • Self-host / VPC
  • Encryption in transit & at rest
  • No training on your data

The commitments

Three promises we put in writing.

Your data is never trained on

Prompts and completions are used only to render your traces. They are never used to train any model, ours or anyone else's.

You control retention

Set retention to the day. Redact fields at the SDK before anything leaves your process. Delete a project and its data goes with it.

You can keep it all in-house

Run Vector self-hosted in your own cloud. The full console, none of the data leaving your VPC. Same product, your perimeter.

Deployment

Two ways to run it.

Vector Cloud

Managed, fastest to value

We run it, patch it, and keep it up. Most teams start here and never move.

  • Hosted in AWS, multi-AZ
  • Data residency in US or EU
  • 99.9% uptime SLA on Enterprise
  • Encrypted with per-tenant keys

Self-hosted / VPC

Your cloud, your control

Deploy via Helm or Terraform into your own account. Nothing leaves your network.

  • Runs in your VPC
  • Bring your own KMS keys
  • Air-gapped option available
  • SSO, SCIM, and audit export

Practices

The everyday discipline.

  • Encryption everywhere: TLS 1.2+ in transit, AES-256 at rest.
  • Least-privilege access: Scoped roles, short-lived credentials, full audit trail.
  • SSO & SCIM: SAML and OIDC, automated provisioning on Enterprise.
  • Independent testing: Annual third-party penetration tests, findings tracked to close.
  • Vulnerability management: Continuous dependency scanning and patch SLAs.
  • Incident response: On-call rotation, documented runbooks, customer notification commitments.

Sub-processors

Who touches what.

Sub-processor          Purpose                            Region
Amazon Web Services    Primary cloud hosting and storage  US / EU
Cloudflare             CDN, DDoS protection, WAF          Global edge
Stripe                 Billing and payments               US
Postmark               Transactional email                US

Self-hosted deployments use none of the hosting sub-processors above. The full current list is available in the DPA on request.

Need the paperwork?

Get the SOC 2 report and DPA.