How Does VectorGap
Protect Your Data?
VectorGap is built with workspace access controls, API safeguards, signed webhooks, and public privacy documentation for customer review.
Why Is Security Critical for AI Brand Intelligence?
When you use VectorGap to monitor what AI systems say about your brand, you're trusting us with sensitive competitive intelligence. Your brand perception data, Knowledge Base documents, and audit results contain strategic information that competitors would value. That's why security isn't an afterthought at VectorGap—it's foundational to how we build and operate our platform.
AI brand intelligence platforms face unique security challenges. We store competitive intelligence, trigger scheduled audits, manage API keys, and send signed webhook callbacks. Each of those paths needs clear authorization boundaries and practical abuse controls to reduce the chance of data leakage or misuse.
Our security approach follows a defense-in-depth mindset: workspace-level access checks, scoped API credentials, rate limits, webhook signing, URL validation, and documented privacy processes. This page focuses on product controls we can point to directly, plus the public legal resources available for review.
What Security Measures Protect Every Layer?
From access control to webhook validation, the product uses layered safeguards to reduce practical security risks.
Defense in depth means not relying on a single control. In VectorGap, that starts with authenticated access and workspace boundaries. Sensitive product actions such as API key management and webhook changes require a valid session plus owner or admin access, rather than relying on front-end checks alone.
API access is protected with scoped API keys and server-side rate limits. Webhook deliveries include signatures so receiving systems can verify origin, and webhook URLs are screened to block localhost, private-network, and metadata endpoints before delivery is allowed.
Inside the product, teams can review security-related activity, webhook delivery history, and retention settings from the workspace. We also publish GDPR and DPA information publicly so customers have a clear starting point for privacy and procurement reviews.
Workspace membership checks gate access to brands, audits, and settings. Sensitive actions require authenticated owner or admin access.
API keys support scoped permissions, expiry, and per-key rate limits. Sensitive key-management actions also have stricter server-side throttling.
Webhook deliveries are signed, recorded, and validated. Webhook endpoints are checked to block localhost, private IP, and metadata targets.
VectorGap exposes in-product security events, audit activity, delivery history, and retention settings for workspace operators.
Public GDPR and DPA pages document how VectorGap approaches customer data handling and legal review requests.
Security issues can be reported to the team for review. For current vendor questionnaires or incident-process details, contact VectorGap directly.
What Security and Privacy Documentation Is Available?
Public legal and privacy resources that customers can review before a deeper security conversation.
Security reviews usually start with clarity, not slogans. That means showing the privacy documents, support contacts, and in-product controls a customer can actually inspect today. For VectorGap, the clearest public resources are the GDPR and DPA pages plus the security contact path for follow-up questions.
Those resources are complemented by product controls such as workspace authorization, scoped API keys, webhook signing, and retention settings. Together they give technical buyers something concrete to evaluate before asking for custom documentation or procurement follow-up.
If your team needs the latest answers on audits, questionnaires, or contractual language, the right next step is a direct review with VectorGap rather than relying on generic marketing language.
GDPR Information
Public GDPR documentation is available for customers reviewing data handling practices.
Learn more →DPA Availability
A Data Processing Addendum overview is published, and signed paperwork can be requested from the team.
Learn more →Security Contact
Security and legal review requests can be routed through the published contact paths.
Learn more →How Do Our Security Practices Work in Detail?
Detailed breakdown of our security controls across data protection, application security, API security, and operational procedures.
Data protection in VectorGap starts with workspace-scoped authorization. Brand data, Knowledge Base documents, audit results, and webhooks are fetched only after server-side checks confirm the current user or API key belongs to the correct workspace.
Application-level safeguards include schema validation on key mutations, rate limiting for API traffic and sensitive actions, and URL safety checks for webhook endpoints. These controls are practical and specific: they help prevent abuse, accidental exposure, and obvious SSRF paths in integration workflows.
API security is especially important for customer integrations. Each API key carries explicit scopes, webhook deliveries are signed, and delivery history is stored so teams can inspect what was sent and when. If you need controls beyond the public product surface, contact the team as part of your security review.
Data Protection
- Workspace-scoped access checks on customer data
- Configurable retention settings in the security workspace
- Account and workspace deletion flows in product
- Public GDPR and DPA documentation
Application Security
- Server-side authorization checks on protected routes
- Schema validation on key API mutations
- Rate limiting for API requests and critical actions
- Webhook URL validation to reduce SSRF risk
API Security
- API keys with scoped permissions
- Bearer-token authentication for API routes
- Signed webhook deliveries
- Webhook delivery history and testing
Operational Security
- Security contact for review requests
- In-product security event visibility
- Admin audit logs for key actions
- Privacy and legal escalation paths
How Can I Report a Security Vulnerability?
We appreciate security researchers who help us keep VectorGap secure. If you discover a security vulnerability, please report it responsibly so we can address it before it affects our users.
How to Report
- Email security@vectorgap.com with details of the vulnerability
- Include steps to reproduce the issue
- Allow us reasonable time to address the issue before public disclosure
What to Expect
- Your report will be reviewed by the team
- We may follow up for more detail or reproduction steps
- We will prioritize fixes based on severity and impact
Do not: Access customer data, disrupt services, or share vulnerabilities publicly before we've had a chance to fix them.
Frequently Asked Questions About VectorGap Security
Common questions about how we protect your brand data and maintain compliance.
VectorGap protects brand data with workspace-scoped access checks, admin restrictions for sensitive actions, scoped API keys, webhook signing, and server-side rate limiting. The product also exposes security-event and retention controls inside the workspace so operators can review activity and data-management settings.
VectorGap publishes GDPR and DPA information publicly and includes retention and deletion controls in the product. If you need a signed DPA, procurement documentation, or the latest legal posture for your review, contact the team directly.
This page focuses on controls and documentation that are visible in the product and public legal pages today. For the latest answers on vendor questionnaires, audits, or certification status, contact VectorGap during your security review.
Email security@vectorgap.com with a clear description of the issue and steps to reproduce it. The team reviews reports manually and will follow up if more context is needed. Avoid accessing customer data or disrupting service while testing.
Have Questions About Our Security Practices?
Our team is happy to answer any security questions or provide additional documentation for enterprise evaluations and compliance reviews.