Security & Trust
A practical security posture for low-friction employee exposure pilots.
No passwords required
VantaBlade does not require employee passwords, endpoint agents, or mailbox access to begin exposure monitoring.
Employee emails only
The B2B workflow starts from admin-provided work email addresses and uses them to identify relevant exposure signals.
Supabase Auth
Command Center authentication is handled through Supabase Auth, with authenticated B2B API requests using Supabase-issued JWTs.
TLS encryption
Browser-to-service traffic is transmitted over encrypted HTTPS connections.
Tenant-separated workspace model
Workspaces are scoped by company context. The frontend resolves tenant context through the B2B API before loading employees, incidents, scans, or reports.
Minimal data collection
We collect the business workspace data needed to create a company, monitor employee emails, display exposure results, and support remediation workflows.
Early-stage transparency
VantaBlade is designed for focused pilots with clear expectations, direct onboarding support, and practical controls rather than inflated compliance claims.
Not SOC 2 certified today
VantaBlade is not SOC 2 certified today. We are building toward stronger assurance as customer and operational requirements mature.
Built for low-friction pilot programs
Teams can validate employee identity exposure visibility without deploying agents, collecting passwords, or committing to a heavy enterprise rollout.