Security at Vaultric

Your financial data is sensitive. Here's how we protect it.

Our Security Practices

Encryption

  • 256-bit AES encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Passwords are hashed and salted — never stored in plaintext
  • Encrypted database backups with geographic redundancy

Access Control

  • Row Level Security (RLS) on all database tables
  • Users can only access their own data
  • Principle of least privilege for staff access
  • Multi-factor authentication available

Infrastructure

  • Hosted on EU/UK servers
  • Regular security audits and penetration testing
  • Automated vulnerability scanning
  • DDoS protection and rate limiting

Compliance

  • UK GDPR compliant
  • Data Protection Act 2018
  • Stripe PCI DSS Level 1 (for payments)
  • Regular compliance reviews

What We Never Do

Ask for your bank login credentials
Store credit card numbers or CVVs
Sell or share your data with third parties
Use your data for advertising
Access your data without valid reason
Share data with credit bureaus

Responsible Disclosure

If you discover a security vulnerability in Vaultric, we appreciate your help in disclosing it to us responsibly. We take all reports seriously and will work to address issues promptly.

Response time

We will acknowledge your report within 48 hours and provide regular updates on our progress.

When reporting, please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggestions for a fix

Please do not publicly disclose vulnerabilities until we have had a chance to address them. We will credit you in our security acknowledgments (unless you prefer to remain anonymous).