Security at Vultrik
Last Updated: November 1, 2025
Security First: At Vultrik, security isn't just what we scan for—it's how we build. We implement the same security practices we recommend to our customers, ensuring your data is protected at every level.
Our Security Commitment
As a security scanning platform, we hold ourselves to the highest standards. We understand that you're trusting us with sensitive information about your infrastructure, and we take that responsibility seriously.
Core Security Principles
- Security by Design: Security is built into every feature from day one
- Defense in Depth: Multiple layers of security controls
- Least Privilege: Users and systems have only the access they need
- Transparency: Clear communication about our security practices
- Continuous Improvement: Regular security audits and updates
Platform Security
Authentication
- Bcrypt password hashing (10 salt rounds)
- JWT session tokens (7-day expiration)
- TOTP-based two-factor authentication
- Google OAuth integration
- Rate limiting on login attempts
Data Protection
- HTTPS/TLS encryption in transit
- Encrypted data at rest
- Parameterized database queries
- SQL injection prevention
- Regular security backups
API Security
- SHA-256 hashed API keys
- Scoped permissions
- Rate limiting per key
- IP whitelisting available
- Usage monitoring and alerts
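As an added illustration of the API-key handling listed above (example code written for this page, not Vultrik's implementation), the following Python sketch shows the pattern those bullets describe: the server retains only the SHA-256 hash of each key, checks per-key IP allowlists and scopes, and applies a simple per-key rate limit. The `vk_` prefix, the scope names, the in-memory store and the limits are assumptions made for the example.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass
class KeyRecord:
    """Metadata kept for one API key. The plaintext key is never stored."""
    owner: str
    scopes: frozenset
    rate_limit: int                 # max requests per window (assumed default below)
    window_seconds: int = 60
    window_start: float = 0.0
    count: int = 0
    ip_allowlist: Optional[frozenset] = None   # None means no IP restriction


class ApiKeyStore:
    """Hypothetical in-memory store keyed by SHA-256 hex digest of the API key.

    A real deployment would back this with a database; the shape is the same:
    the lookup column holds the digest, so a database leak exposes no usable keys.
    """

    def __init__(self) -> None:
        self._records: Dict[str, KeyRecord] = {}

    @staticmethod
    def _digest(key: str) -> str:
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, owner: str, scopes: Iterable[str], rate_limit: int = 100,
              ip_allowlist: Optional[Iterable[str]] = None) -> str:
        # 32 random bytes from the OS CSPRNG; the "vk_" prefix is an assumed convention
        # that lets leaked keys be recognised by secret scanners.
        key = "vk_" + secrets.token_urlsafe(32)
        allow = frozenset(ip_allowlist) if ip_allowlist is not None else None
        self._records[self._digest(key)] = KeyRecord(
            owner=owner, scopes=frozenset(scopes), rate_limit=rate_limit, ip_allowlist=allow)
        return key  # shown to the user once; only the digest is retained

    def _lookup(self, presented: str) -> Optional[KeyRecord]:
        # A plain equality lookup on the digest is acceptable here: the key is a
        # 256-bit random secret, so there is no attacker-controlled prefix for a
        # timing side channel to exploit, unlike a comparison of user-chosen passwords.
        return self._records.get(self._digest(presented))

    def authorize(self, presented: str, scope: str, client_ip: str,
                  now: Optional[float] = None) -> Tuple[bool, str]:
        """Return (allowed, reason). Checks run in order: key, IP, scope, rate limit."""
        now = time.time() if now is None else now
        rec = self._lookup(presented)
        if rec is None:
            return False, "invalid_key"
        if rec.ip_allowlist is not None and client_ip not in rec.ip_allowlist:
            return False, "ip_not_allowed"
        if scope not in rec.scopes:
            return False, "insufficient_scope"
        # Fixed-window counter per key; reset when the window has elapsed.
        if now - rec.window_start >= rec.window_seconds:
            rec.window_start, rec.count = now, 0
        if rec.count >= rec.rate_limit:
            return False, "rate_limited"
        rec.count += 1
        return True, "ok"


if __name__ == "__main__":
    store = ApiKeyStore()
    # Constructed sample: a read-only key restricted to one documentation-range IP.
    key = store.issue("alice", {"scans:read"}, rate_limit=2, ip_allowlist={"203.0.113.5"})
    print("issued (shown once):", key)
    print(store.authorize(key, "scans:read", "203.0.113.5"))
    print(store.authorize(key, "scans:write", "203.0.113.5"))
    print(store.authorize(key, "scans:read", "198.51.100.9"))
```

The ordering of the checks matters for monitoring: a rejected scope or IP does not consume rate-limit budget, and each distinct reason string gives the usage-alerting side a stable label to count on.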
Access Control
- Role-based access control (RBAC)
- User isolation and data segregation
- Audit logs for all actions
- Session management
- Automatic session timeout
Network Security
- Web Application Firewall (WAF)
- DDoS protection
- Content Security Policy (CSP)
- Security headers (HSTS, X-Frame-Options)
- Regular vulnerability scanning
Monitoring
- 24/7 security monitoring
- Intrusion detection systems
- Real-time threat intelligence
- Automated security alerts
- Incident response procedures
Data Privacy
We're committed to protecting your privacy and handling your data responsibly:
What We Do
- Minimal Data Collection: We only collect what's necessary to provide our service
- No Data Selling: We never sell, rent, or trade your data to third parties
- GDPR Compliant: Full compliance with European data protection regulations
- Data Portability: Export your data anytime
- Right to Deletion: Delete your account and data through settings
- Transparent Processing: Clear documentation of how we use your data
Read our complete Privacy Policy for detailed information.
Infrastructure Security
Our infrastructure is built on industry-leading cloud providers with robust security:
- Cloud Infrastructure: Hosted on secure, compliant cloud platforms
- Redundancy: Multi-region data replication for high availability
- Backups: Automated daily backups with encryption
- Disaster Recovery: Tested recovery procedures and failover systems
- Physical Security: Data centers with 24/7 security and access controls
Compliance & Certifications
We maintain compliance with industry standards and regulations:
GDPR
Full compliance with the EU General Data Protection Regulation for data privacy and user rights.
OWASP
Our scanning follows OWASP guidelines, and we secure our platform against the OWASP Top 10.
ISO 27001
Following information security management best practices (certification in progress).
SOC 2
Enterprise customers can request SOC 2 compliance documentation.
Security Practices
Development Security
- Secure Development Lifecycle: Security integrated into every development stage
- Code Reviews: Mandatory security-focused code reviews
- Dependency Scanning: Automated scanning for vulnerable dependencies
- Static Analysis: Security linters and static code analysis
- Penetration Testing: Regular third-party security assessments
Incident Response
- 24/7 Monitoring: Continuous monitoring for security incidents
- Response Team: Dedicated security incident response team
- Communication Plan: Clear procedures for notifying affected users
- Post-Incident Analysis: Thorough investigation and remediation
- Transparency: Public disclosure of significant security issues
Responsible Disclosure
Report a Security Vulnerability
We welcome security researchers and users to report potential vulnerabilities:
- Email: security@vultrik.com
- Response Time: Initial response within 24 hours
- Resolution: Critical issues patched within 48-72 hours
- Recognition: Security researchers credited (if desired)
Please do not publicly disclose vulnerabilities before we've had time to address them.
Security Best Practices for Users
Help us keep your account secure by following these recommendations:
Protect Your Account
- Strong Passwords: Use unique, complex passwords (min 12 characters)
- Enable 2FA: Turn on two-factor authentication for added security
- Regular Updates: Keep your email and recovery information current
- Monitor Activity: Review your audit logs for suspicious activity
- Secure API Keys: Rotate API keys regularly and use scoped permissions
- Report Issues: Contact us immediately if you notice anything unusual
Third-Party Security
We carefully vet all third-party services we use:
- Payment Processing: Stripe (PCI DSS compliant); we never store payment details
- Email Delivery: Resend (SOC 2 Type II compliant)
- Cloud Hosting: Industry-leading providers with robust security
- Authentication: Google OAuth (when enabled by users)
Continuous Improvement
Security is an ongoing commitment. We continuously improve our security posture through:
- Regular security audits and penetration testing
- Staying current with emerging threats and vulnerabilities
- Employee security training and awareness programs
- Participating in security communities and information sharing
- Implementing feedback from security researchers
Questions About Security?
We're transparent about our security practices. If you have questions or concerns:
- General Inquiries: security@vultrik.com
- Enterprise Security: sales@vultrik.com
- Vulnerability Reports: security@vultrik.com
For more information, see our Privacy Policy and Terms of Service.
