Trust Center
Everything your security and procurement team needs to evaluate Vincony. We're committed to transparency, data protection, and enterprise-grade security.
Last updated: February 2026
Full compliance with EU data protection regulations including data portability and right to deletion.
CopyCalifornia Consumer Privacy Act compliant with opt-out controls and data disclosure.
CopySecurity controls aligned with SOC 2 Type II standards. Report available on request.
CopyAES-256 encryption at rest, TLS 1.3 in transit across all services.
CopyData ProtectionVerified Q1 2026
Zero Training Policy
We never use your data to train AI models. Your prompts and outputs remain entirely yours.
Encryption Everywhere
AES-256 at rest, TLS 1.3 in transit. API keys encrypted with AES-GCM before storage.
90-Day Retention
Prompts and generation metadata are automatically deleted after 90 days.
BYOK Support
Bring Your Own Key — use your API keys with full server-side encryption.
Access ControlsVerified Q1 2026
- Row-Level Security (RLS) policies enforced on every database table
- Role-based access control (RBAC) for admin and team features
- JWT-based session management with automatic token refresh
- Secure password hashing with bcrypt and per-user salts
- Leaked password protection — passwords checked against breach databases
- Compliance profiles for restricting model access (HIPAA, SOC 2, PCI DSS)
- Audit logging for all administrative and sensitive operations
Sub-ProcessorsVerified Q1 2026
All sub-processors are contractually bound to data protection standards equivalent to or exceeding our own.
| Provider | Purpose | Certifications | Region |
|---|---|---|---|
| OpenAI | AI model inference (GPT-5 series) | SOC 2 Type II, GDPR DPA | US |
| Anthropic | AI model inference (Claude series) | SOC 2 Type II, GDPR DPA | US |
| Google Cloud | AI model inference (Gemini series) & infrastructure | SOC 2, ISO 27001, GDPR | US / EU |
| Stripe | Payment processing | PCI DSS Level 1 | US |
| Resend | Transactional email delivery | SOC 2 Compliant | US |
Platform Governance
Admin Visibility
Full visibility into team usage, model selection, credit consumption, and content generation across all workspaces.
Spend Controls
Per-workspace and per-member credit budgets with automatic alerts, hard caps, and approval workflows.
Content Policies
Configure workspace-level content policies, model restrictions, and output verification requirements.
Data Residency
Primary data storage: United States
EU data residency available for Enterprise customers on request.
AI inference processed via US and EU endpoints depending on model provider.
Incident Response
99.9% uptime SLA for paid plans.
24-hour incident detection and response capability.
72-hour breach notification per GDPR requirements.
Post-incident review and remediation procedures.
Agreements & Documentation
Need a BAA, custom NDA, or security questionnaire? Contact Sales →
Security FAQ
Need a Security Whitepaper?
Request our comprehensive security documentation package for your procurement or compliance review.
Request DocumentationFor technical security details, see our Security Practices page. Report vulnerabilities to security@vincony.com.
VINCONY AI LTD (Company Number: 17047337). Registered Office: 3rd Floor, 86-90 Paul Street, London EC2A 4NE, England.