Enterprise-Grade Security
Protecting sensitive financial and identity data is our top priority. Learn about our comprehensive security measures.
Compliance in progress: We are actively pursuing SOC 2 Type I (Q2 2026) and SOC 2 Type II (Q4 2026) certifications.Learn more
Security Measures
Multiple layers of protection for your sensitive data
Encryption at Rest
All data encrypted using AES-256. Sensitive PII stored in dedicated secure vaults with additional encryption layers.
Encryption in Transit
All connections use TLS 1.3. We enforce HTTPS everywhere and use certificate pinning for mobile applications.
Access Control
Role-based access control (RBAC) ensures users only access data they need. All access logged and auditable.
Multi-Factor Authentication
MFA required for all platform users. We support authenticator apps, hardware keys, and SMS backup.
Infrastructure Security
Hosted on SOC 2 compliant infrastructure with DDoS protection, WAF, and network isolation between tenants.
Threat Detection
Real-time monitoring for anomalous activity, automated threat response, and 24/7 security operations.
PII Handling
How we protect personally identifiable information
| Data Type | Storage Method | Access Control |
|---|---|---|
| SSN | SHA-256 hash + encrypted vault | Verification service only |
| Hashed in database | Secure viewer with audit log | |
| Phone | Hashed in database | Secure viewer with audit log |
| ID Documents | AES-256 encrypted storage | Time-limited secure URLs |
Certifications & Compliance
Our ongoing commitment to security standards
SOC 2 Type I
Initial security controls assessment
Target: Q2 2026
SOC 2 Type II
Security, availability, and confidentiality controls
Target: Q4 2026
ISO 27001
Information security management certification
Target: 2027
What this means for you
While certifications are in progress, we have implemented all required security controls and are actively working with auditors. Our infrastructure and practices meet SOC 2 standards, and formal certification is underway.
Incident Response SLAs
Our commitment to rapid response when issues arise
| Severity | Response Time | Resolution Target |
|---|---|---|
| Critical | 15 min | 4 hours |
| High | 30 min | 8 hours |
| Medium | 2 hours | 24 hours |
| Low | 8 hours | 72 hours |
Report a Vulnerability
We appreciate responsible disclosure of security issues
security@verit.caWe will acknowledge receipt within 24 hours and work with you to understand and resolve the issue.