Compliance
Our approach
At Vendorapp, we take compliance seriously. Whether you're subject to global regulations like GDPR, handling sensitive data, or ensuring your vendors meet contractual obligations, we've built the platform to support and simplify your compliance efforts.
Vendorapp's design reflects modern compliance expectations — from secure infrastructure and auditable logs to automated data retention and vendor screening workflows.
Certifications and standards
We align with best practices and frameworks to help ensure both our platform and your vendor management process meet regulatory expectations. This includes:
- GDPR-readiness. We act as both a data controller and data processor, depending on the context. Our privacy practices are aligned with GDPR principles.
- Cyber Essentials (UK). Vendorapp meets baseline controls for cybersecurity and data protection. Certification underway.
- SOC 2 Type I (in progress). Demonstrates our commitment to security, availability, and confidentiality controls.
- Vendor compliance. Vendors can be evaluated based on ESG, data protection, and business continuity via built-in assessments.
How we stay compliant
We've implemented key controls across the platform to help meet your compliance needs:
These controls are continually reviewed and improved based on internal audits and user feedback.
User responsibilities
While we provide the tools, it's up to each organization to:
- Ensure correct configuration of roles and access controls
- Conduct assessments using the tools provided
- Monitor vendor performance and risk proactively
- Maintain compliance with any local or sector-specific regulations
We recommend regularly reviewing your internal policies and ensuring they align with your Vendorapp usage.
Need help?
If you have specific compliance questions or need to demonstrate regulatory alignment to auditors or customers, we're here to support you. You can reach out to us at support@vendorapp.co.