Security & audit

Your documents carry pricing and means & methods. Vest keeps them yours — locked down by design, and provable in the audit log below.

How your data is protected

Your own vault

Your documents live in their own isolated storage and database. Nothing is ever shared between customers.

Server-enforced access

If you can't open a project, Vest can't search it or cite it for you. Revoke access once — the AI loses it too.

Cited or silent

Every answer shows its source. No source, no answer — Vest won't guess.

No training on your data

Written no-training terms with every AI provider. Your documents never train anyone's models — including ours.

US processing, end to end

Storage, backups and AI calls stay in US regions — encrypted at rest and in transit.

Your identity provider

Sign in with your company SSO and MFA. Remove someone from your directory and they're out of Vest too.

Compliancecertifications we are working towards
SOC 2 Type II
Independent audit of our security, availability and confidentiality controls.
In progress
ISO 27001
The international standard for information security management.
In progress
ISO/IEC 42001
The management standard for how AI systems are built and run.
In progress
GDPR & CCPA
Data privacy readiness for owner and joint-venture requirements.
In progress
Append-only audit log
WhenActorEventProjectReference
Jul 1 · 2:14 PMDaniel ReyesQuestion answered — 2 citations returnedNorthgateconv_08f3 · msg_1a42
Jul 1 · 2:14 PMVestCitations validated — 2 of 2 present in retrieved evidenceNorthgatemsg_1a42
Jul 1 · 2:01 PMMaria ChenDocument marked superseded — A9.2.1 Rev 1Northgatedoc_4410
Jul 1 · 1:59 PMVestDocument processed — 9 pages, ready for answersNorthgatedoc_5521
Jul 1 · 1:58 PMMaria ChenDocument uploaded — Addendum 02.pdfNorthgatedoc_5521
Jul 1 · 8:32 AMDaniel ReyesSigned in — SSO via company IdP, MFA satisfiedsession_77c1
Jun 30 · 4:47 PMT. AlvarezOPERATORAccess-review report exported — operator action, customer-visibleAllexport_9f12
Jun 30 · 9:03 AMPriya PatelProject access granted — by Project Admin M. ChenNorthgategrant_3b90
Who can see what
Project-level access
One check gates viewing, search and citations.
Two roles
Admins manage access and documents. Members view and ask.
Database backstop
Even a software bug can't leak one project into another.
Operator discipline
We touch your data only for support you approve — and it's logged above.
The log stores references, never document content, and is append-only — nothing can be edited or removed, including by us. Ask us for the current security packet.