Data at Rest
All datastores with customer data are encrypted at rest. The data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.
Data in transit
Velt uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks.
Secret Management
Application secrets are encrypted and stored securely via Google Secrets Manager and access to these values is strictly limited.
Endpoint protection
All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.
Security education
Velt provides comprehensive security training to all employees upon onboarding and annually through educational modules with Vanta’s platform.
Identity and access management
Velt uses Google SSO to secure our identity and access management. We enforce the use of mutli-factor authentication, Velt employees are granted access to applications based on their role, and automatically deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.
Privacy Policy and DPA
View Velt's Privacy Policy View our list of subprocessors View our DPA
Regulatory compliance
Velt evaluates updates to regulatory and emerging frameworks continuously to evolve our program.