Security

All traffic to the website and our APIs is served over HTTPS/TLS.

Access to the platform uses token-based authentication with role-based permissions, on a least-privilege basis. Our public website assistant has no access to any customer or employee data.

The Neo assistant uses Google (Gemini) and Groq as AI sub-processors (see Sub-processors). The website assistant answers general questions only and is not given personal or account data.

Our services run on managed infrastructure with network controls and regular database backups. Encryption at rest, key management and infrastructure hardening are being rolled out as part of our certification program.

We monitor our services and maintain backups to support recovery. Logging and alerting are being expanded under our security program.

SOC 2 and ISO/IEC 27001 are in progress. Once available, reports and certificates will be made available to customers under NDA.

Found a vulnerability? Please report it to info@vinproconnect.com and allow us reasonable time to remediate before public disclosure.