Security and Compliance

Vantage is built by veterans of public cloud infrastructure companies and invests in following security best practices to meet the highest standards of our customers and users.


Product and Data Security

Vantage uses security best practices throughout its application. All users can authenticate with SAML Single Sign-on (SSO) so additional credentials are not needed. Multi-level permissions including RBAC give users team access and management options. Vantage requires 2FA for all staff to access internal systems and requires key rotation and other standard security measures for engineers.

Read Security Documentation

Vantage utilizes a Virtual Private Cloud (VPC) with strict ACLs to prevent network intrusions. Billing data via read-only APIs and cost data is encrypted in transit and at rest. Vantage retains data for up to 12 months depending on pricing tier.

For more information on how user data is handled, please review our Privacy Policy and Service Agreement.


Vantage is SOC 2 Type II Compliant

Vantage maintains SOC 2 Type II compliance and our report is available upon request. Vantage serves a global customer base and is committed to complying with local laws and regulations. Vantage is headquarted in New York City and incorporated under Delaware law.

Request SOC2 Report

Vantage makes use of a limited number of third party subprocessors to support customers and our product. For information on their security practices, please visit the links below.

Report an Issue

Security questions?

If you believe you have found a vulnerability or wish to report an issue, please contact us at