Trust Center

Transparency is the foundation of governance. Here we detail our security posture, compliance certifications, and data handling protocols required by highly regulated industries.

SOC2 Type II

ISO 27001

GDPR Compliant

HIPAA Ready

Data Encryption

We employ a defense-in-depth strategy to protect data in transit and at rest. All API endpoints require TLS 1.3.

In Transit TLS 1.2 / 1.3 (HTTPS)

At Rest AES-256 GCM

Infrastructure & Sub-processors

Provider	Purpose	Location
Amazon Web Services (AWS)	Core Infrastructure & Compute	US East (N. Virginia)
Cloudflare	CDN & DDoS Protection	Global Anycast
Google Cloud	Data Analytics (Anonymized)	EU (Frankfurt)

Privacy & Data Sovereignty

John Anthony VB acts as a Data Processor. We process data solely on behalf of our clients (Data Controllers) and in accordance with their instructions.

Data Retention: Logs are retained for 30 days for debugging, then permanently deleted.
Right to be Forgotten: API endpoints support automated deletion requests (GDPR Art. 17).
Data Residency: Clients may pin data processing to specific regions (US or EU) to satisfy compliance requirements.

Compliance Reports

Access restricted to verified clients under NDA.

SOC 2 Type II Report

↓

Penetration Test 2024

↓

Data Processing Agreement

↓

Security Team

Report vulnerabilities or request audit logs.

security@johnanthonyvb.com

PGP Key ID: 0x4D2F8A