Security
How VendorQueue protects your vendor documents.
Encryption at rest and in transit, role-based access, audit logging, and OpenAI API data handling for document extraction.
| Control | Implementation |
|---|---|
| Encryption in transit | TLS 1.2+ for all web and API traffic |
| Encryption at rest | AES-256 for uploaded documents and extracted fields |
| Access control | Role-based · procurement, security, legal, admin · SSO on Scale tier |
| Document storage | US region default · EU region on Scale tier |
| Audit logging | Immutable log of access, extraction, and approval events |
| OpenAI API handling | Document text sent for extraction · zero retention API mode · no model training |
| Data deletion | Workspace deletion removes uploads within 30 days |
| Subprocessors | AWS · OpenAI · listed at vendorqueue.com/security/subprocessors |