Trust & Security

Trust starts with transparency.

You're uploading your most sensitive documents. Here's exactly how we protect them, how our AI works, and what we're doing to earn your trust.

Data Protection

Your documents are encrypted, isolated, and never shared.

AES-256 Encryption

All data is encrypted at rest using AES-256 — the same standard used by banks and government agencies. Data in transit is protected by TLS 1.3.

Data Isolation

Your documents are isolated to your account. They are never shared with other customers, never accessed by VTTD staff, and never used for any purpose other than generating your answers.

HIPAA-Eligible Infrastructure

VTTD is built on HIPAA-eligible AWS infrastructure. Business Associate Agreements (BAAs) are available for healthcare organizations.

Automatic Key Rotation

Encryption keys are managed via AWS Key Management Service (KMS) with automatic rotation. No manual key management required.

Authentication

Enterprise-grade authentication via Auth0.

OAuth 2.0

Industry-standard authorization protocol

Multi-Factor Auth

MFA support for every account

SSO Support

Single sign-on for enterprise teams

No Passwords Stored

Auth0 handles all credential management

AI Transparency

You can see exactly how every answer was generated.

VTTD uses Retrieval-Augmented Generation (RAG) — meaning the AI only generates answers from the documents you upload. It doesn't pull from the internet or make things up.

Cited Answers

Every answer includes a citation pointing to the exact document and section it came from. No black boxes.

Flagged Gaps

When your documentation doesn't cover a question, VTTD flags it. It never guesses, fabricates, or fills in blanks with generic language.

Human Approval

Nothing is auto-submitted. Every answer goes through your team's review before it can be exported or shared.

Log Book System

Track every action across your team — uploads, edits, approvals, and exports. A full audit trail by user, so you always know who did what and when.

Your Data Rights

Your data. Your rules.

  • Export anytime — Download all your data at any point.
  • Delete anytime — Request deletion and we remove everything within 30 days.
  • No lock-in — Cancel your subscription and your data is wiped. No hostage-taking.
  • Full transparency — Ask us anything about how your data is stored, processed, or protected. We'll answer.

Compliance Roadmap

Where we are, honestly.

We believe in transparency — including about what we haven't achieved yet.

Framework | Status | Details
SOC 2 Type II | In Progress | Audit planned for 2027. Controls implemented today.
AES-256 Encryption | Active | All data encrypted at rest and in transit.
Auth0 (OAuth 2.0) | Active | MFA, SSO, enterprise authentication.
HIPAA Eligible | Active | HIPAA-eligible AWS. BAA available.
Data Isolation | Active | Per-tenant isolation. No data sharing.

Responsible Disclosure

Found a vulnerability?

We take security seriously. If you've found a security vulnerability, please report it responsibly.

security@vttd.tech

See how it works with your own docs.

Upload your documentation. Upload any questionnaire. Your first cited answers in under an hour.