VendMetric

Security & Compliance

Vendor data deserves the same rigor you demand from vendors

We built VendMetric around the principle that no feature priority overrides tenant isolation or data protection. Here’s exactly where things stand today.

Available today

Encryption in transit

All traffic between your browser, VendMetric, and our database runs over encrypted HTTPS connections.

Role-based access control

Five distinct roles — Admin, Procurement, Compliance, Executive, and Vendor — each see only what their function requires.

Tenant isolation

Every database query is scoped to your organization. No customer can see another customer's vendors, documents, or scores.

Immutable audit trail

Every vendor action, document decision, and compliance exception is permanently logged — who, what, and when — with no update or delete path in the application.

Documented compliance exceptions

Manual overrides always require a written justification and are fully attributed and auditable — never a silent bypass.

Secure, hashed credentials

Passwords are never stored in plain text. Session tokens are signed and scoped to your account.

On our roadmap

We believe in being direct about what’s built versus what’s planned.

SSO, SAML & multi-factor authentication

Enterprise identity integration is on our near-term roadmap for organizations that require it.

SOC 2 Type II report

We are building toward SOC 2 alignment as we scale. We'll share our current status directly with prospective Enterprise customers.

Configurable data retention

Organization-level retention policies for documents and audit history, aligned to your regulatory requirements.

Have a security questionnaire?

We’re happy to walk your security or procurement team through our architecture directly.