Security

VectorSense builds enterprise learning, lab, and innovation platforms where customer data, participant work, and program outcomes must be protected. Security is embedded in how we design, deploy, and operate UpLearn, Just Labs, Hackable, and our AI solutions.

We maintain a layered security program that includes:

• Role-based access control (RBAC) and least-privilege access for internal systems and customer tenants.
• Encryption in transit using industry-standard TLS for data transmitted over public networks.
• Encryption at rest for sensitive data stored in our production environments, where supported by underlying infrastructure.
• Logical tenant isolation for multi-tenant platform deployments, including distributor–reseller–partner hierarchies on Hackable.
• Secure development practices, including code review, dependency management, and environment separation (development, staging, production).
• Logging and monitoring to detect anomalous activity and support incident investigation.
• Vendor due diligence for subprocessors that host or process customer data.

Our platforms are designed for enterprise and partner ecosystems where governance matters:

• Administrative controls for program owners, learning leaders, and channel operators.
• Safelisting and access policies for hackathon and lab environments where required.
• Participant and learner profiling scoped to authorized program administrators.
• Exportable reporting for leadership reviews without exposing unnecessary personal data.
• Support for customer security questionnaires and architecture reviews during procurement.

Where AI features are used in program setup, catalogue suggestions, scoring assistance, or analytics, we apply governance appropriate to the deployment — including human oversight, auditability, and customer-configured boundaries.

Customer data used in enterprise deployments is processed according to contractual terms. We do not use customer confidential data to train public models unless explicitly agreed in writing.

We maintain procedures to identify, contain, investigate, and remediate security incidents. Where contractual or legal obligations require customer notification, we will inform affected customers without undue delay and provide relevant details as they become available.

Enterprise customers may request security documentation, completed questionnaires (SIG, CAIQ, or custom), and architecture summaries as part of vendor onboarding. Contact us with your requirements and timeline.

Specific compliance certifications or attestations (e.g., SOC 2, ISO 27001) vary by service and deployment model — we will confirm what applies to your program during contracting.

If you believe you have discovered a security vulnerability affecting VectorSense systems, please report it responsibly to info@vectorsense.com with sufficient detail for us to reproduce and investigate. Do not publicly disclose vulnerabilities before we have had a reasonable opportunity to address them.

We appreciate coordinated disclosure from researchers and partners.