Skip to main content
Vincony
Free Credits

Security at Vincony

We take the security of your data seriously. Here's how we protect your information and maintain compliance with international privacy regulations.

Last audited: February 2026 GDPR Ready CCPA Compliant 256-bit Encryption SOC 2 Readiness

99.9%

Uptime SLA

AES-256

Encryption at Rest

TLS 1.3

Encryption in Transit

<24h

Incident Response

  • All data encrypted at rest using AES-256 encryption
  • TLS 1.3 encryption for all data in transit
  • Hosted on enterprise-grade cloud infrastructure with SOC 2 certified providers
  • Automated backups with point-in-time recovery
  • Network isolation and firewall rules enforced at the infrastructure level
  • Regular vulnerability scanning and penetration testing
  • Secure password hashing using bcrypt with per-user salts
  • Leaked password protection — passwords checked against known breach databases
  • Row-Level Security (RLS) policies on all database tables
  • JWT-based session management with automatic token refresh
  • API keys encrypted server-side using AES-GCM before storage
  • Role-based access control for admin and team features
  • Prompts and generation metadata retained for 90 days, then permanently deleted
  • We do not use your data to train AI models
  • BYOK (Bring Your Own Key) support — use your own API keys with full encryption
  • Right to deletion — request complete data removal at any time
  • Cookie consent with granular preferences (GDPR/CCPA compliant)
  • Do Not Track (DNT) browser signal respected
  • All sub-processors contractually bound to data protection standards
  • AI model providers: OpenAI, Anthropic, Google — enterprise-grade security
  • Payment processing: Stripe (PCI DSS Level 1 certified)
  • Email delivery: Resend (SOC 2 compliant)
  • Regular review of sub-processor security posture
  • 24-hour incident detection and response capability
  • 72-hour breach notification timeline per GDPR requirements
  • Post-incident review and remediation procedures
  • Dedicated security contact for urgent reports
  • Audit logging for all administrative and sensitive operations

Enterprise Security Features

Workspace Isolation

Each workspace operates in its own security boundary with separate access controls and audit trails.

IP Allowlisting

Restrict workspace access to specific IP ranges. Available on Business and Enterprise plans.

Audit Logging

Comprehensive audit logs for all administrative actions, data access, and team member activity.

Data Retention Controls

Configure per-workspace retention policies for chat history, generations, and audit logs.

Spend Controls & Budgets

Set per-workspace and per-member credit budgets with automatic alerts and hard caps.

Compliance Profiles

Pre-configured compliance profiles for HIPAA, SOC 2, and GDPR with automatic policy enforcement.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to VINCONY AI LTD. We appreciate your help in keeping Vincony safe.

security@vincony.com

Need enterprise-grade security?

Get custom DPAs, dedicated infrastructure, SSO, and priority incident response.

Talk to SalesVisit Trust Center

For a comprehensive overview for your security team, visit our Trust Center.

For data processing agreements and legal documentation, see our DPA, Privacy Policy, and Terms of Service.

Need a SOC 2 report or BAA? Contact Sales · 99.9% uptime SLA for paid plans.

Last updated: February 2026

Vincony — Access the World's Best AI Models