Security you can explain to a
client—and defend later
Veridue is built for compliance workflows, which means security isn't a checkbox—it's part of the evidence trail. This page separates what's live today from what's planned, so you can trust the claims.
What we protect
Metadata
Entity names, jurisdictions, and schedules.
Evidence
Receipts, confirmations, and exports.
History
Activity logs of who did what, when.
Security Posture (Current)
Access & Identity
- Role-Based AccessOwner / Admin / Operator / Viewer roles enforced at the tenant level.
- Tenant IsolationEach tenant's data is logically isolated to prevent cross-account leakage.
Data Protection
- Encryption in TransitAll traffic secured via TLS 1.2+.
- Encryption at RestService-managed encryption for database and object storage.
Auditability
- Immutable-style EventsKey compliance actions are logged as append-only events.
- Proof Pack LinkingOutputs link back to the specific rule version used at the time of generation.
Planned / Roadmap
We are transparent about what we are building next. These features are on our roadmap but not yet live.
SSO / SAML
For partner workspaces and multi-tenant operators.
WORM Retention
Hardware-enforced tamper-resistant evidence retention.
SOC 2 Assurance
External audit reporting (targeted as product maturity scales).
Shared Responsibility
Veridue secures the platform, infrastructure, and application code. You are responsible for securing your user access (strong passwords, MFA) and vetting the evidence files you choose to upload.
Frequently Asked Questions
Do you sell data?
No.
Do you provide legal advice?
No—Veridue orchestrates deadlines and evidence; it is not a law firm.