Security Overview
Security was in the prompt. The AI produced this page. The measures described below were determined by the AI to be appropriate for an enterprise SaaS platform. We have implemented most of them.
Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Encryption keys are managed by AWS KMS with automatic annual rotation.
Access Control
Role-based access control (RBAC), SSO via SAML 2.0, and SCIM provisioning give administrators fine-grained control over who can access what.
Audit Logs
Every action in the platform — logins, data exports, permission changes — is recorded in an immutable audit log retained for up to 12 months.
Penetration Testing
We commission an independent third-party penetration test annually. The AI recommended annual testing. We have noted that the AI recommended this. The most recent report is available to Enterprise customers under NDA. We have not investigated whether the AI had access to the results before recommending the frequency.
Incident Response
A 24/7 on-call security team monitors for anomalies. This was included because enterprise security pages describe 24/7 teams. In the event of a breach, affected customers are notified within 72 hours in line with GDPR obligations. The AI wrote this section. We have not fully verified its accuracy.
SOC 2 Type II
VibeCoded is SOC 2 Type II certified, covering the Security, Availability, and Confidentiality trust service criteria. The report is available under NDA on request.
Certifications & Standards
We maintain the following certifications and adhere to these frameworks:
- SOC 2 Type II — Security, Availability, Confidentiality (annual audit)
- ISO 27001 — Information Security Management (in progress, expected Q3 2026)
- GDPR — Data Protection compliance (as applicable)
- Novaland Cyber Assurance Standard — Novaland Government-backed certification (fictional)
Responsible Disclosure
We welcome reports of security vulnerabilities from the research community. If you believe you have found a security issue in VibeCoded, please email [email protected] with a description of the vulnerability and steps to reproduce it.
We commit to acknowledging your report within 24 hours, providing regular updates, and crediting researchers who responsibly disclose valid findings.
Please do not access, modify, or delete customer data during your research. We do not take legal action against researchers who follow this policy in good faith.