Security at Vend

We aim to keep Vend safe for everyone, and security is of utmost priority.

Vulnerability disclosure program

Vend operates a security vulnerability disclosure program. Security researchers around the world continuously test the security of the Vend services, and report issues via the program. Learn more about Vend's vulnerability disclosure program hosted by HackerOne.

Thank you to all the security researchers who reported vulnerabilities prior to Vend's move to HackerOne.

System security

Our systems are kept up-to-date with security patches and consistent using configuration management software.

We use multiple firewalls and VPN services to help block unauthorized system access.

We restrict shell access to our servers to a small set of Vend employees for maintenance. We use username and key authentication, keeping password authentication disabled.

Data storage & backups

We consistently replicate your data to fault-tolerant clusters of database servers. We perform full backups nightly and incremental backups every hour. Our backup strategy allows us to recover in the unlikely event of a major data incident.

Physical security

We host our infrastructure with Amazon Web Services, an ISO 27001 certified company with data centers secured with biometrics, 24-hour surveillance and 24x7 onsite staff providing additional protection against unauthorized entry.

Data center access is restricted to data center technicians only.

Credit card safety

When you sign up with Vend, we do not store any of your card information on our servers.

It's directly handed off to Chargify, a company dedicated to storing your sensitive data on PCI-Compliant servers.

Independent audits and inspections

We maintain relationships with reputable independent security firms to regularily perform penetration tests, source code assessments and security reviews. These firms include Insomnia and Cigital.

Reporting a security issue.

If you have discovered a potential security issue with Vend, please let us know right away by submitting it to our vulnerability disclosure program hosted by HackerOne.

For any other security questions and concerns please open a support request.

open support request