Security & Trust

A practical security posture for low-friction employee exposure pilots.

No passwords required

VantaBlade does not require employee passwords, endpoint agents, or mailbox access to begin exposure monitoring.

Employee emails only

The B2B workflow starts from admin-provided work email addresses and uses them to identify relevant exposure signals.

Supabase Auth

Command Center authentication is handled through Supabase Auth, with authenticated B2B API requests using Supabase-issued JWTs.

TLS encryption

Browser-to-service traffic is transmitted over encrypted HTTPS connections.

Tenant-separated workspace model

Workspaces are scoped by company context. The frontend resolves tenant context through the B2B API before loading employees, incidents, scans, or reports.

Minimal data collection

We collect the business workspace data needed to create a company, monitor employee emails, display exposure results, and support remediation workflows.

Early-stage transparency

VantaBlade is designed for focused pilots with clear expectations, direct onboarding support, and practical controls rather than inflated compliance claims.

Not SOC 2 certified today

VantaBlade is not SOC 2 certified today. We are building toward stronger assurance as customer and operational requirements mature.

Built for low-friction pilot programs

Teams can validate employee identity exposure visibility without deploying agents, collecting passwords, or committing to a heavy enterprise rollout.