Security at Venn

Your account data and your partners' data are sensitive. Here's exactly how we handle them — no marketing fluff.

Encryption at Rest

All data stored on Venn's servers — account lists, analysis results, user profiles — is encrypted at rest using AES-256. Encryption keys are rotated regularly and never stored alongside data.

AES-256

Encryption in Transit

All data transferred to and from Venn is encrypted using TLS 1.2+. We enforce HTTPS across every endpoint. HTTP connections are redirected automatically. Certificates are managed via Cloudflare.

TLS 1.2+ / HTTPS

Partner Data Privacy

Your partner shares a CSV via magic link. They only ever see accounts that appear in both lists — never your full account list. You never see theirs. Overlap is the only output surfaced to either party.

Isolation by design

No Data Sold. Ever.

Venn does not sell, rent, or license your data or your partners' data to third parties. Data submitted for overlap analysis is not used to train models, enrich other customers' accounts, or for any purpose outside your analysis.

Zero third-party data sharing

Partner Data Retention

CSV data submitted by partners via magic links is used only for the overlap calculation and is not retained permanently. Your own account data is retained for your account's lifetime and deleted upon account closure on request.

Minimal retention

Infrastructure

Venn is hosted on Render with DNS and CDN via Cloudflare. No self-managed servers, no shared infrastructure with other tenants.

Hosting — Render

Web services and background workers run on Render's managed platform. Automatic DDoS protection, always-on TLS, and isolated service containers.

DNS & CDN — Cloudflare

All DNS is managed via Cloudflare. Cloudflare proxies all traffic, providing DDoS mitigation, WAF, and SSL termination at the edge.

Database — Neon PostgreSQL

Data is stored in Neon's managed PostgreSQL service with automated backups, point-in-time recovery, and encryption at rest.

Authentication — Magic Links + JWT

No passwords stored. Login uses time-limited magic links sent to your email. Sessions use short-lived JWT tokens stored in httpOnly cookies.

SOC 2 Roadmap

Venn is currently a small, focused product. We are not yet SOC 2 certified. We are actively building towards it. Here's where things stand:

Encryption at rest & in transit ✓
Access control & auth ✓
Data isolation by design ✓
Audit logging — in progress
Formal SOC 2 audit — planned 2026

If SOC 2 is a hard requirement for your team, reach out and we'll discuss your timeline.

Security Questions?

Responsible disclosure, data deletion requests, or anything security-related — email us directly. We respond to security reports within 24 hours.

✉ hello@venn.cloud

Built to earn your trust.

Your data. Your partner's data. Protected by design, not as an afterthought.