Security & Certifications
We design our background screening platform with enterprise-grade security controls and independent attestation. Use this page to request detailed reports or contract documents under NDA.
SOC 2 Type II
Audit period: [MM YYYY–MM YYYY] | Auditor: [Independent Auditor Name]
Our SOC 2 Type II report covers the full Vuplicity background screening platform, supporting systems, and administrative controls. Request the latest report under NDA using the button below.
Request SOC 2 Type II report (NDA required)ISO/IEC 27001
Certification status: [Cert # / Status]
Scope: [Systems / locations covered] | Certification body: [Auditor] | Valid through: [MM YYYY]
Update this section with certificate details once issued. If certification is in progress, keep this note and remove ISO claims elsewhere until finalized.
Encryption
- TLS 1.3 enforced for data in transit.
- AES-256 encryption for structured and unstructured data at rest.
- Hardware security modules manage key rotation and storage separation.
Access Controls
- Single sign-on (SSO) with enforced MFA for administrative access.
- Role-based access control (RBAC) with least-privilege provisioning.
- Quarterly access reviews and immediate revocation on role change or departure.
Data Retention
Operational portals display candidate data for 30 days by default. We retain a regulatory archive to support FCRA disputes and audits with strict role-based access and monitoring.
Subprocessors & Data Transfer
Review our current subprocessors below and contact us for signed DPA/SCC documentation.
Current subprocessors
- Vercel Inc. — Application hosting & content delivery network
- Supabase, Inc. — Managed Postgres database & authentication
- Resend, Inc. — Transactional email delivery