Security & Compliance Measures
Blog post from Vercel
Vercel ensures data security and compliance through a range of measures, including DDoS mitigation, SOC 2 Type 2 compliance, data encryption, and adherence to standards such as ISO 27001:2022 and PCI DSS. The company operates on a shared responsibility model that sets out which security responsibilities belong to Vercel and which to its customers. Vercel supports GDPR compliance and offers features such as Secure Compute for HIPAA compliance, giving customers enhanced data protection. It is certified under the EU-U.S. Data Privacy Framework and TISAX for data privacy across various sectors. Vercel's infrastructure runs primarily on Amazon Web Services (AWS) and uses a multi-layered security approach, including centralized IAM and cloud security posture management. For network resilience, Vercel implements a failover strategy using AWS Global Accelerator and Anycast networks, and it conducts regular resiliency testing to confirm that recovery objectives are met. Data is encrypted at rest with AES-256 and in transit with HTTPS/TLS 1.3; regular backups are taken and stored separately for disaster recovery. Enterprise accounts run on isolated infrastructure, and the company regularly performs penetration tests and audits to maintain its security standards.