VectorAmp is early, technical, and honest about the controls we can stand behind. This page summarizes our current security posture without inventing certifications, offices, reports, or compliance programs.
Security pages are easy to overstate. We keep the promise narrower and make the engineering better.
Organizations, datasets, source records, API keys, and queries carry tenant context. The application and retrieval layers are built around those boundaries.
VectorAmp runs on AWS-managed infrastructure and uses standard cloud controls for identity, networking, storage, logging, and encryption.
We design operations around least privilege, clear ownership, logs, and reproducible deployment paths. Manual infrastructure changes are avoided.
Customers connect or upload data, and VectorAmp processes that data into source records, chunks, embeddings, indexes, query results, and citations. The system is designed so those records stay attached to the owning organization and dataset.
We use customer content to provide the product: ingestion, search, retrieval, citations, workflow generation, support, debugging, safety, and reliability. We do not use customer content to train shared foundation models.
We do not publish unverified certification badges, audit-report claims, regulated-workload promises, or authorization timelines. When a compliance claim is real and approved, we can say it plainly.
Public traffic is served over HTTPS. Service-to-service traffic is designed to stay inside private network paths where possible.
Customer content is stored in managed infrastructure with encryption at rest, access controls, and scoped service permissions.
Production access is scoped to operational need. Secrets and credentials are managed through environment and cloud identity controls.
Organizations, datasets, API keys, and query requests carry tenant context through the application and retrieval layers.
Application and infrastructure logs are used for debugging, abuse prevention, incident response, and reliability work.
We can discuss data-processing terms and subprocessor details during procurement. We do not publish claims for certifications we do not yet hold.
Use the contact form and select Security. Good reports include the affected asset, account or workspace context if applicable, reproduction steps, expected impact, and whether you accessed data that was not yours.
Please avoid destructive testing, automated scans that degrade service, social engineering, spam, or attempts to access another customer’s data.
We welcome good-faith reports. This is not a bounty promise, safe-harbor legal agreement, or permission to test beyond your own account. If you are unsure, ask first through the contact form.
No. Customer content is processed to provide the service, not to train shared foundation models.
VectorAmp runs on AWS-managed infrastructure. Region and deployment requirements should be discussed during onboarding or procurement.
For enterprise workloads, we can discuss deployment shape, network isolation, and operational requirements case by case.
Use the contact form for procurement-specific security or compliance questions. We only advertise certifications, attestations, business associate agreements, or authorization roadmaps after they are verified and approved.
Use the contact form and choose the Security topic. Include affected URL/API, repro steps, impact, and any proof-of-concept details.