Trust & Security

How we protect your data

PrimeVDR is built for the most sensitive document in your company: the investor data room. Here's how we keep it safe.

Encryption at rest and in transit

  • All documents encrypted with AES-256 (Amazon S3 SSE-KMS)
  • All data in transit protected by TLS 1.2+
  • Secrets stored in AWS Secrets Manager, never in code or config files

Per-recipient access control

  • Each investor gets a unique, non-guessable link, with no shared passwords
  • Email OTP verification on first open prevents forwarded links from being used
  • One-click revocation immediately blocks access; link invalidated within the signed-URL TTL
  • Expiry dates configurable per recipient

Per-recipient document watermarking

  • Every document page carries the investor's email address and access date
  • Watermarks are applied to derivatives; the original is never exposed
  • This creates a forensic trail if a document is leaked externally

Privacy by design

  • IP addresses stored only as salted SHA-256 hashes; raw IPs are never persisted
  • GDPR erasure support: PII (name, email) can be nulled while preserving the immutable audit trail
  • Single-region data residency; tenant data is strictly isolated at the database level via row-level security

Immutable audit trail

  • Every view, page turn, download, and heartbeat is recorded with timestamps
  • The audit log is append-only; the application role cannot update or delete event rows
  • Founders can export a full CSV audit at any time

Compliance posture

  • Designed for SOC 2 Type II readiness
  • GDPR-compliant data handling (founders are data controllers; PrimeVDR is the processor)
  • NDA click-through recorded with version, timestamp, and IP hash

Questions about security? Email us at security@primevdr.com
