Question 1

Where is my data stored?

Accepted Answer

VantageKit runs on Supabase (PostgreSQL) and Vercel, both SOC 2 certified providers hosted in the United States. All data is encrypted at rest and isolated with Row-Level Security.

Question 2

Is VantageKit SOC 2 certified?

Accepted Answer

Our infrastructure providers (Vercel and Supabase) are SOC 2 certified. VantageKit is pursuing its own SOC 2 Type 2 certification, targeted for 2026.

Question 3

How does watermarking protect my documents?

Accepted Answer

Every viewer sees a unique watermark embedded in your documents. If a document is leaked, you can upload the leaked copy and VantageKit will match it against watermark records to identify the source viewer.

Question 4

Can I control who sees and downloads my content?

Accepted Answer

Yes. VantageKit offers multiple layers of access control: password protection, email verification gates, allow and deny lists by email or domain, link expiration dates, and download control. You can combine these for multi-step access gates that require password entry, email verification, and NDA acceptance before viewing.

Question 5

How does VantageKit handle GDPR?

Accepted Answer

VantageKit follows GDPR principles including data minimization, purpose limitation, and the right to erasure. Viewer IP addresses are hashed before storage, email data is stored as partial hints for privacy-preserving attribution, and you can delete all viewer data at any time.

Question 6

What happens if a document leaks?

Accepted Answer

VantageKit's leak detection lets you upload a leaked document and cross-reference it against watermark records from every download to identify who shared it.

Question 7

Do you sell or share my data?

Accepted Answer

No. VantageKit never sells your data or shares it with third parties for advertising purposes. We only share data with infrastructure providers necessary to operate the platform (Supabase, Vercel, Resend) under strict data processing agreements.

Question 8

Is my data encrypted?

Accepted Answer

Yes. All data is encrypted at rest using AES-256-GCM and in transit using TLS. Passwords are hashed with bcrypt and are never stored in plaintext or recoverable by anyone, including VantageKit staff.

Question 9

Can I delete all my data?

Accepted Answer

Yes. You can delete individual documents, deal rooms, and viewer data at any time. If you close your account, all associated data is permanently removed from our systems within 30 days, consistent with GDPR right-to-erasure requirements.

Question 10

How are backups and disaster recovery handled?

Accepted Answer

Supabase performs daily automated backups of all database data with point-in-time recovery. Document files are stored with redundancy across multiple availability zones. Our recovery procedures are designed to minimize data loss and downtime in the event of an incident.

Security at Every Layer

How We Protect Your Documents

Encryption and Infrastructure

Access and Authentication

Privacy and Compliance

Document-Level Protection

Password Protection

Email Verification

Allow and Deny Lists

Link Expiration and Download Control

Dynamic Watermarking

Role-Based Access Control

Privacy and Data Handling

IP Address Hashing

Privacy-Preserving Attribution

Data Retention Controls

GDPR Compliance

CCPA Compliance

PDPL Compliance

Compliance and Roadmap

What We Do Today

On Our Roadmap

Security FAQ

Have security questions?