Built for the systems you can't afford to leak.
Vavan connects to your CRM, ERP, and operational systems — so security isn't a feature, it's the foundation. Here is exactly how your data is protected, and where our compliance program stands today.
Security enforced in the architecture, not bolted on.
These are not policies layered on after the fact — they are enforced in the data model itself.
The shared market layer (Vavan World) is built only from public sources. Your accounts, contracts, pricing, and deal history never enter it — and are never exposed to another customer.
Each customer operates in its own organization. Your integration credentials — CRM, ERP, and tool keys — are stored per-organization and encrypted, never in shared application config.
Row-level security enforces that each rep sees only their assigned accounts. Read-only roles and scoped permissions apply defense-in-depth across the database.
All traffic runs over TLS; data is encrypted at rest on managed Postgres infrastructure with continuous backups and point-in-time recovery.
Two-factor authentication by authenticator app, text message, or email code — and administrators can require it across the entire organization.
Owners govern billing and what admins can do; admins manage users and integrations; members manage only themselves. Sensitive settings never render for roles that shouldn’t hold them.
We don't claim certifications we don't hold.
Vavan runs a formal security program and continually invests in hardening the platform. We will publish independent certifications when they are earned — not before. In the meantime, the platform is built on cloud infrastructure that is itself independently audited.
Built on managed Postgres and edge hosting from providers that maintain their own independent security attestations and enterprise security programs.
Baseline established and hardening in progress across access, encryption, and monitoring. Diligence materials available under NDA.
Report a security issue to info@vavan.co. We respond to good-faith reports promptly.
Send us your security questionnaire.
We will walk your IT and security stakeholders through organization isolation, data governance, access controls, and our compliance roadmap — and answer the questionnaire in full.