Security Artifacts Matrix

What security and compliance artifacts are public, NDA-gated, or available on request.

How to use this page

This matrix shows what we can share immediately, what requires NDA and role-gated access, and what is provided during scoped security reviews.

Unless explicitly noted otherwise, assume restricted artifacts require NDA and approved reviewer scope. 

<section>
  <h2>Artifacts by Access Level</h2>
  <table>
    <thead>
      <tr>
        <th>Artifact</th>
        <th>Access level</th>
        <th>How to request</th>
      </tr>
    </thead>
    <tbody>
      <tr>
        <td>Trust Center overview pages</td>
        <td>Role-gated (authenticated reviewer portal)</td>
        <td>Request reviewer access via procurement flow</td>
      </tr>
      <tr>
        <td>Security questionnaire responses</td>
        <td>NDA + on request</td>
        <td>Email template + timeline to privacy@vostego.com</td>
      </tr>
      <tr>
        <td>Data handling summary and deletion workflow</td>
        <td>NDA + role-gated (authenticated reviewer portal)</td>
        <td>Available in Trust Center Data Handling page</td>
      </tr>
      <tr>
        <td>Incident response summary</td>
        <td>NDA + role-gated (authenticated reviewer portal)</td>
        <td>Available in Trust Center Incident Response page</td>
      </tr>
      <tr>
        <td>Subprocessor category summary</td>
        <td>NDA + role-gated (authenticated reviewer portal)</td>
        <td>Available in Trust Center Subprocessors page</td>
      </tr>
      <tr>
        <td>Scoped operational architecture details</td>
        <td>NDA + role-gated</td>
        <td>Customer review flow after NDA confirmation</td>
      </tr>
      <tr>
        <td>Restricted operational runbooks</td>
        <td>NDA + role-gated</td>
        <td>Shared only for justified security review scope</td>
      </tr>
    </tbody>
  </table>
</section>

<section>
  <h2>Review Expectations</h2>
  <ul>
    <li>We provide clear, accurate answers over broad or unverifiable claims.</li>
    <li>We protect sensitive implementation details that would increase system risk if publicly disclosed.</li>
    <li>Access to restricted content requires NDA confirmation and least-privilege role assignment.</li>
  </ul>
</section>

<section>
  <h2>Request Contact</h2>
  <p>
    Send security review requests to <a href="mailto:privacy@vostego.com">privacy@vostego.com</a>
    with your required artifacts and target due date.
  </p>
</section>

← Back to Trust Center