Security at VaultMate

We take the security of your data seriously. Here's exactly what we do — and what we don't do — to keep it safe.

Our Core Promise

VaultMate never transmits the actual contents of your files. We scan locally and only send metadata — file paths, data types found, and risk scores. Your sensitive data never leaves your device.

Data Encryption

Data is protected with modern encryption standards, both in transit between the VaultMate agent and our servers and at rest in our database.

  • TLS 1.3 for all data in transit between agent and server
  • AES-256 encryption for data stored in our database
  • Encrypted database backups
  • Secure secret management via environment variables — no hardcoded credentials

What We See vs. What We Send

Scanned locally on your device
  • Full file contents (read-only, never modified)
  • Pattern matching for SSNs, credit cards, emails, medical data
  • File metadata (name, path, size, date)

Sent to VaultMate servers
  • File path and name only
  • Type of sensitive data found (e.g. "SSN", "Credit Card")
  • Risk score — never actual sensitive values
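
The split above, sketched as an added example (this is not VaultMate's code): content is pattern-matched locally, only path, data types and a risk score are serialized, and the outbound payload is rescanned before it leaves the device. The regexes, the score weights, the function names and the sample text are all assumptions made for illustration.

```python
import json
import re

# Constructed detectors: the page names the data types, not its patterns.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "Credit Card": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
    "Email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
WEIGHTS = {"SSN": 50, "Credit Card": 40, "Email": 10}  # hypothetical scoring

# Constructed sample file content (test values, not real data).
SAMPLE = "Jane Roe, SSN 078-05-1120, card 4111 1111 1111 1111, jane@example.com"


def luhn_ok(candidate):
    """Luhn checksum: drops digit runs that are not plausible card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text):
    """Return {data type: [matched values]}; these values stay on the device."""
    hits = {}
    for kind, rx in PATTERNS.items():
        values = [m.group() for m in rx.finditer(text)]
        if kind == "Credit Card":
            values = [v for v in values if luhn_ok(v)]
        if values:
            hits[kind] = values
    return hits


def build_report(path, text):
    """Serialize the outbound record: path, data types and risk score only."""
    hits = scan(text)
    score = min(100, sum(WEIGHTS[kind] for kind in hits))
    wire = json.dumps({"path": path, "types": sorted(hits), "risk_score": score})
    # Egress guard: rescan the exact bytes to be sent. A hit here means a
    # sensitive value reached the payload, for example through the file name.
    leaked = sorted(scan(wire))
    if leaked:
        raise ValueError("payload carries sensitive values: %s" % leaked)
    return wire
```

Rescanning the serialized record, rather than trusting the report builder, also covers the case where the file name itself contains a value the detectors would flag.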

Infrastructure

VaultMate is hosted on Replit's Autoscale infrastructure, which runs on industry-standard cloud providers with built-in security controls.

  • Hosted on SOC 2-certified cloud infrastructure (via Replit / underlying cloud providers)
  • Automatic platform-level security patching
  • HTTPS enforced on all endpoints — no plain HTTP
  • PostgreSQL production database with encrypted connections

Our Compliance Roadmap

We want to be completely transparent: VaultMate is an early-stage product. We are not yet SOC 2 certified, ISO 27001 certified, or formally HIPAA/GDPR audited. These are goals we're working toward as we grow.

What we do provide is a tool that helps your organization identify where HIPAA- and GDPR-sensitive data exists on your devices — that's different from us being certified ourselves.

Vulnerability Disclosure

Found a security issue? Please email us at security@vaultmateai.com. We commit to responding within 48 hours and working with you transparently to address any legitimate concerns.

Still have security questions?

Contact Us