Trust Center

Start your security review
Search items
ControlK

Vercel is the platform for frontend developers, providing the speed and reliability innovators need to create at the moment of inspiration.

We enable teams to iterate quickly and develop, preview, and ship delightful user experiences. Vercel has zero-configuration support for 35+ frontend frameworks and integrates with your headless content, commerce, or database of choice.

Start your security review
Under Armour-company-logoUnder Armour
HashiCorp-company-logoHashiCorp
Adobe-company-logoAdobe
The Washington Post-company-logoThe Washington Post
Okta-company-logoOkta

Documents

HIPAA Report

Trust Center Updates

Subprocessor Update

SubprocessorsCopy link

Vercel has updated our subprocessor list. We have added the following subprocessor: Civilized Discourse Construction Kit Inc. (USA) for community support and communication services.

This third-party data processor, engaged by Vercel to provide services in accordance with your instructions, has been evaluated as part of Vercel’s third-party risk management process. If you have any questions or concerns about this subprocessor change, please do not hesitate to contact us at privacy@vercel.com.

Published at N/A

Data Privacy Framework Certification

ComplianceCopy link

We’re pleased to announce that we are certified under the Data Privacy Framework. This achievement demonstrates that Vercel provides adequate data protection for the transfer of personal data outside of the EU, UK, and Switzerland. To view our public listing, visit dataprivacyframework.gov.

For more information, see our changelog at https://vercel.com/changelog/vercel-is-now-certified-under-the-eu-us-data-privacy-framework-dpf.

Published at N/A

HIPAA Compliance

ComplianceCopy link

We’re pleased to announce that we recently completed an independent third-party report to ensure that we support compliance with the HIPAA Security Rule and HITECH Breach Notification Requirements as a Business Associate. Our HIPAA report is available for download. For more information, see our blog post at https://vercel.com/blog/vercel-supports-hipaa-compliance.

Published at N/A

Subprocessor Update

SubprocessorsCopy link

Vercel has updated our subprocessor list. We have removed the following subprocessor: Planhat AB (Sweden) and added the following subprocessors:

  • Github Inc. (USA) for community support and communication services
  • Kasada Inc. (USA) for fraud prevention services

These third-party data processors, engaged by Vercel to provide services in accordance with your instructions, have been evaluated as part of Vercel’s third-party risk management process. If you have any questions or concerns about these subprocessor changes, please do not hesitate to contact us at privacy@vercel.com.

Published at N/A

PCI DSS Attestation of Compliance

ComplianceCopy link

We’re pleased to announce that we recently completed our Self-Assessment Questionnaire Attestation of Compliance (SAQ-D AOC) for Service Providers! Our SAQ-D AOC report is available for download. For more information, see our blog post at https://vercel.com/blog/pci-compliance-for-ecommerce-teams.

Published at N/A

Rapid Reset Attack Vulnerability

VulnerabilitiesCopy link

A new vulnerability, known as the HTTP/2 Rapid Reset Attack (CVE-2023-44487), has the potential to disrupt HTTP/2-enabled web servers. It can be used to launch large denial-of-service attacks, negatively affecting performance and availability.

Vercel has taken proactive steps to refine our infrastructure and strengthen our defenses. Our improved system can now more efficiently handle the HTTP/2 Rapid Reset Attack to protect your web assets.

We're committed to consistently improving our security measures in response to new threats to ensure safety and reliability for all users. Further detail is available at https://vercel.com/changelog/strengthening-vercels-infrastructure-against-http-2-rapid-reset-attacks.

Published at N/A

ISO 27001:2013 Certification

ComplianceCopy link

Vercel is pleased to announce that we recently completed our ISO 27001:2013 certification! Our ISO 27001 certificate is available for download. For more information, see our blog post at https://vercel.com/blog/vercel-iso-27001-security.

We also updated our Policies and 2023 SOC 2 Type 2 Report for download.

Published at N/A

2023 SOC 2 Type 2 Report

ComplianceCopy link

Vercel's SOC 2 Type 2 report is now available for download. This audit was completed by Schellman and Company LLC and covers our audit period July 1, 2022 to June 30, 2023.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo