Security at Validova
Validova is built for regulated industries. Our security posture is designed to satisfy the expectations of compliance teams in consumer finance, lending, and professional services.
Encryption
All data in transit is encrypted with TLS 1.2+. All data at rest is encrypted with AES-256. Encryption keys are managed via a dedicated key management service with automatic rotation.
Email Architecture
Validova never stores email body content. All sends pass through your authenticated Gmail or Google Workspace account. Your domain, your SPF/DKIM/DMARC records, your deliverability.
Audit Trail
Every template send is logged with a timestamp, sender identity, recipient, and template version. Logs are immutable and retained for 1 year on Pro plans. Exportable for compliance reviews.
Access Controls
Role-based permissions on Pro plans. Admins can lock templates, restrict brand assets, and audit team activity. OAuth scopes are minimal — only what the CRM integration requires.
Infrastructure
Hosted on SOC 2 certified cloud infrastructure in the United States. Regular penetration testing. Automated vulnerability scanning on every deployment. 99.9% uptime SLA.
Incident Response
24-hour incident response SLA for critical security issues. Affected customers notified within 72 hours of confirmed breach, consistent with GDPR notification requirements.
Security questions?
If you have questions about our security posture, need a completed security questionnaire, or want to discuss compliance requirements for your organization, reach out directly.
Contact security team arrow_forward