Security at VGS

Very Good Security is our name, and data security is our business. We're committed to using the best possible security practices. If you have any questions or encounter any issues, please let us know. You can find a more detailed description of our controls in our full Security Statement.

Protecting Your Data

VGS is a certified Level 1 PCI Service Provider. Similarly VGS has achieved SOC2 (Service Organization Controls 2) Type 2 certification as well as Experian Ei3PA certification. To maintain compliance for each of these, VGS is audited by qualified independent third-party auditors on a yearly basis. We utilize market-leading security tools, practices and procedures to maintain the highest level of security at VGS.

HTTPS and HSTS for Secure Connections

VGS requires HTTPS for all services using TLS 1.2 (SSL), including our public website and Dashboard.

  • VGS IFrames are always served over TLS 1.2 using only secure ciphers
  • Official VGS libraries connect to VGS servers over TLS 1.2 with appropriate ciphers and verify remote endpoint TLS certificates on each connection

We regularly audit the details of our implementations, including the certificates we serve, the certificate authorities we use, and the ciphers we support.

Encryption: Sensitive Data and Communications

We encrypt all sensitive data (including card numbers) at the database field level using AES-256 encryption. Decryption keys are stored on separate devices, completely segmented from the data. Our internal servers and applications are designed so that it is impossible for VGS applications or employees to obtain plaintext card numbers or other sensitive fields. Applications or employees are only able to request that this data be shared with a pre-vetted service provider on a static whitelist. Finally, our systems for storing, decrypting and transmitting card numbers run in separate hosting infrastructure and do not share any credentials with our primary services (Proxy, Vaults, APIs, websites, etc.).

Any Questions?

We're happy to get in touch. Search our documentation, contact support, or connect with our sales team. You can also chat live with VGS engineers in our Slack channel.