Skip to content
Ventral AI

Security commitment

Security is a product feature.

We treat every camera feed, model weight, and customer artifact as confidential. Our controls are being formalized under SOC 2 Type II with Secureframe.

Compliance

Actively pursuing SOC 2 Type II with Secureframe, which provides continuous monitoring of our controls across production systems.

Encryption

TLS 1.2+ in transit. AES-256 at rest. Customer artifacts (footage, weights, eval sets) are logically isolated per tenant.

Access control

SSO + MFA for all internal access. Least-privilege IAM, short-lived credentials, and full audit logs on production systems.

Data handling

Customer video is processed only for agreed purposes, with configurable retention. Anonymization (faces, plates) available at the edge.

Personnel

Background checks, annual security training, acceptable-use and confidentiality agreements for every employee and contractor.

Incident response

Documented runbook with named responders, escalation paths, and customer notification commitments.

Vendor management

Third-party processors are reviewed before onboarding and re-reviewed annually. Sub-processor list available on request.

GDPR & regional

Data processing agreements on request. EU-based infrastructure available for workloads that require it.

Engineering practices

Controls beat good intentions.

Great security outcomes come from boring, repeatable practices applied consistently. These are ours.

  • All code is peer-reviewed before merge; production deploys require CI green across lint, type, and test suites.
  • Secrets are stored in a managed vault and rotated on role changes; they never live in source control.
  • Dependencies are monitored for known vulnerabilities (CVE) and patched on a risk-weighted schedule.
  • Production access is logged centrally with alerting for anomalous patterns.
  • Disaster-recovery runbooks are rehearsed and tested on a defined cadence.

Reports, DPAs, and sub-processor lists.

Our SOC 2 audit report (once issued), Data Processing Agreement, and current sub-processor list are available under NDA on request. If your procurement team needs something specific, just ask — we’ll send the most recent version.

Security-related disclosures and concerns: security@ventral.ai

Procurement?

We've probably answered your questions before.

Reach out with your security questionnaire. We've filled out more than a few.

Start the reviewSee our products