Vertofi

Legal

Security

Last updated June 2026

Security is foundational to Vertofi, not an afterthought. This summary outlines our core controls; detailed documentation is available to enterprise customers under NDA.

Encryption

Data is encrypted in transit (TLS 1.2+) and at rest. The most sensitive identifiers receive additional field-level encryption.

Access control

Role-based and attribute-based access control, multi-factor authentication, and step-up verification for sensitive financial actions. Every change is recorded in an immutable audit log.

Tenant isolation

Every record is scoped to its organization and enforced at the database layer, so no tenant can ever read another tenant's data.

Compliance posture

The platform is built toward SOC 2 and ISO 27001 controls, with data residency in India. Report a concern at info@vertofi.com.