Trust Center

NDA-scoped documentation for security reviews, vendor onboarding, and procurement.

Last updated: February 2026

Classification: NDA-scoped reviewer documentation

Access Scope

  • Trust Center access is intended for approved customer reviewers.
  • Detailed operational and compliance content is shared under NDA and scoped role-based access.
  • Access is least-privilege and can be revoked when review windows close.

What This Covers

This Trust Center provides customer-facing information about how Vostego secures systems and handles data. It is designed to answer common vendor security questionnaire topics up front.

Security Overview

NDA-scoped summary of security controls, platform architecture, and access boundaries.

Data Handling

NDA-scoped data categories, retention approach, deletion requests, and processing boundaries.

Incident Response

NDA-scoped response lifecycle and communication model for security incidents.

Subprocessors

NDA-scoped third-party service categories used to operate the platform.

Compliance Readiness

NDA-first review model for questionnaires, legal terms, and customer diligence.

Security Questionnaire FAQ

NDA-scoped answers to common enterprise IT and procurement questions.

Availability and BCDR

NDA-scoped continuity, backup, and recovery practices for due diligence.

Security Artifacts Matrix

What is available by default and what requires NDA-scoped evidence access.

Questionnaire Starter Pack

NDA-scoped reusable responses for common enterprise security and procurement questionnaires.

Data Retention and Deletion

NDA-scoped retention principles, deletion workflow, and response timing expectations.

Responsible Disclosure

NDA-scoped disclosure and triage expectations for security issue reporting.

Change Management and SDLC

NDA-scoped release controls and secure development lifecycle overview.

Access Review and Offboarding

NDA-scoped access grant, review, and revocation lifecycle.

Legal and Contracting

NDA-scoped legal request flow for DPA, terms, and procurement review.

Review Intake and SLA

NDA-scoped intake requirements, ownership model, and response timing.

Procurement Packet

Recommended first-read packet for security and procurement reviewers.

Security Questionnaire Support

If your procurement or security team needs a completed questionnaire, send it to [email protected] with your timeline and any required NDA terms.

  • Typical first response target: 3-5 business days
  • Expedited reviews are possible for active pilots or production onboarding
  • Additional artifacts are shared based on customer risk and legal requirements
  • Restricted operational details are shared only after NDA confirmation and scoped reviewer approval
  • Trust documentation and response materials are reviewed at least annually and updated for material changes

Important Notes

  • This Trust Center is a summary and does not replace contractual terms.
  • Some controls differ by environment and deployment path.
  • We avoid publishing sensitive implementation details that would increase system risk.