Security & Compliance
Vendor data deserves the same rigor you demand from vendors
We built VendMetric around the principle that no feature priority overrides tenant isolation or data protection. Here’s exactly where things stand today.
Available today
Encryption in transit
All traffic between your browser, VendMetric, and our database runs over encrypted HTTPS connections.
Role-based access control
Five distinct roles — Admin, Procurement, Compliance, Executive, and Vendor — each see only what their function requires.
Tenant isolation
Every database query is scoped to your organization. No customer can see another customer's vendors, documents, or scores.
Immutable audit trail
Every vendor action, document decision, and compliance exception is permanently logged — who, what, and when — with no update or delete path in the application.
Documented compliance exceptions
Manual overrides always require a written justification and are fully attributed and auditable — never a silent bypass.
Secure, hashed credentials
Passwords are never stored in plain text. Session tokens are signed and scoped to your account.
On our roadmap
We believe in being direct about what’s built versus what’s planned.
SSO, SAML & multi-factor authentication
Enterprise identity integration is on our near-term roadmap for organizations that require it.
SOC 2 Type II report
We are building toward SOC 2 alignment as we scale. We'll share our current status directly with prospective Enterprise customers.
Configurable data retention
Organization-level retention policies for documents and audit history, aligned to your regulatory requirements.
Have a security questionnaire?
We’re happy to walk your security or procurement team through our architecture directly.
