Security
How we protect your account, your data, and your payments.
Encryption
All traffic between your browser and VCI Marketplace is encrypted in transit with TLS. Sensitive personal information stored in our database — including identifiers used for account contact — is encrypted at rest. Backups inherit the same protections.
Payments
We never see or store your card details. Payments and seller payouts are handled by a PCI-DSS Level 1 certified payment processor; your card data goes directly to them. The marketplace only receives a transaction reference, never the underlying card number.
Account protection
- Sessions use short-lived, signed tokens with automatic refresh.
- Sensitive actions (password change, email change, payout setup) require re-authentication and trigger a confirmation email.
- Role-based access controls separate buyers, sellers, reviewers, and administrators. No role can be self-assigned.
- Administrative actions are written to a tamper-evident audit log.
Infrastructure
The marketplace runs on hardened cloud infrastructure with network-level isolation, least-privilege service roles, and regular dependency review. We minimize the number of vendors that touch your data; the ones we use are listed on the Subprocessors page.
Responsible disclosure
Found a vulnerability? Please email security@vcinc.ai with a description, steps to reproduce, and any relevant proof of concept. We respond within two business days and will keep you informed as we triage and remediate. Please don't access user data beyond what is needed to demonstrate the issue, and please don't publicly disclose until we've agreed on a timeline.
Related
For the specifics of what we collect, why, and your rights, see the Privacy Policy. For our vendor list, see Subprocessors.