V
Venti Scale
SECURITY & TRUST

How we protect your data

Last updated: 2026-04-10

We take security seriously. Venti Scale is built for brands that care about how their data is handled, stored, and accessed. This page explains the concrete steps we take to keep your data safe, who can see it, where it lives, and how you can get it out of our system at any time.

1. Data encryption

Every connection to the Venti Scale website and client portal uses TLS 1.3. No client data is ever transmitted in plain text. At rest, your data is encrypted using AES-256 inside our database and storage layers. Database backups are encrypted with the same standard.

2. Access control

Each client workspace is fully isolated. Row-level security at the database layer guarantees that one client cannot access another client's data, even if a misconfiguration happened at the application layer. Inside your organization, you control who gets invited and what they can see.

On our side, only Dustin Gilmour (founder) and authorized engineers have administrative database access. All admin access is logged and reviewed. We do not access client data unless required for support, and only with the client's permission.

3. Infrastructure

The Venti Scale portal runs on infrastructure used by Fortune 500 companies:

  • Vercel hosts the website and application. Vercel is SOC 2 Type II and ISO 27001 certified.
  • Supabase provides our Postgres database, authentication, and file storage. Supabase is SOC 2 Type II and HIPAA-ready.
  • Network traffic is protected with DDoS filtering and bot mitigation at the edge.

4. Data ownership

Your data is your data. At any time you can request a full export of everything inside your workspace in standard formats (CSV, JSON, PDF). You can also request deletion of your account and all associated data, which we process within 30 days. There is no lock-in, and we never hold your data hostage.

We do not sell your data. We do not share it with advertisers, data brokers, or third parties beyond the service providers we need to run the platform (Vercel, Supabase, Google Workspace). We do not use client data to train AI models, ours or anyone else's.

5. Incident response

If we ever detect a security incident that affects your data, we follow a documented response plan:

  • Contain the incident and stop ongoing access
  • Investigate the scope and the affected data
  • Notify affected clients directly by email within 72 hours of confirming an incident
  • Provide a plain-English writeup of what happened and what we are doing about it
  • Patch the underlying cause and document the fix

Security researchers are welcome. If you discover a vulnerability, email hello@ventiscale.com with details. We respond within 48 hours and work in good faith with reporters who follow responsible disclosure practices.

6. Contact

Questions about security, our data handling, or to request our Data Processing Addendum (DPA): email hello@ventiscale.com. We answer within 48 hours.