Trust Center

Start your security review
Search items
ControlK

Overview

Vercel is the platform for frontend developers, providing the speed and reliability innovators need to create at the moment of inspiration.

We enable teams to iterate quickly and develop, preview, and ship delightful user experiences. Vercel has zero-configuration support for 35+ frontend frameworks and integrates with your headless content, commerce, or database of choice.

Compliance

CCPA Logo
CCPA
CPRA Logo
CPRA
GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
PCI DSS Logo
PCI DSS
SOC 2 Logo
SOC 2
Start your security review

Vercel is reviewed and trusted by

Under Armour-company-logoUnder Armour
HashiCorp-company-logoHashiCorp
Adobe-company-logoAdobe
The Washington Post-company-logoThe Washington Post
Okta-company-logoOkta

Documents

Network Diagram
PCI DSS
Pentest Report
SOC 2 Report
ISO 27001
Cyber Insurance
Acceptable Use Policy
Business Continuity Policy
General Incident Response Policy
Information Security Policy
Other Policies

Risk Profile

Impact LevelSubstantial
Critical DependenceYes
Third Party DependenceYes
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Network Diagram
PCI DSS
Pentest Report
View more

Data Security

Access Monitoring
Backups Enabled
Data Erasure
View more

App Security

Responsible Disclosure
Bot Detection
Code Analysis
View more

Data Privacy

Data Breach Notifications
Employee Privacy Training

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Firewall
Spoofing Protection
Virtual Private Cloud
View more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
View more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
View more

Security Grades

SecurityScorecard
Vercel
Security Scorecard A grade
HSTS Preload List
Vercel.com
Qualys SSL Labs
vercel.com
A+
vercel.app

Trust Center Updates

PCI DSS Attestation of Compliance

ComplianceCopy link

We’re pleased to announce that we recently completed our Self-Assessment Questionnaire Attestation of Compliance (SAQ-D AOC) for Service Providers! Our SAQ-D AOC report is available for download. For more information, see our blog post at https://vercel.com/blog/pci-compliance-for-ecommerce-teams.

Published at N/A

Rapid Reset Attack Vulnerability

VulnerabilitiesCopy link

A new vulnerability, known as the HTTP/2 Rapid Reset Attack (CVE-2023-44487), has the potential to disrupt HTTP/2-enabled web servers. It can be used to launch large denial-of-service attacks, negatively affecting performance and availability.

Vercel has taken proactive steps to refine our infrastructure and strengthen our defenses. Our improved system can now more efficiently handle the HTTP/2 Rapid Reset Attack to protect your web assets.

We're committed to consistently improving our security measures in response to new threats to ensure safety and reliability for all users. Further detail is available at https://vercel.com/changelog/strengthening-vercels-infrastructure-against-http-2-rapid-reset-attacks.

Published at N/A

ISO 27001:2013 Certification

ComplianceCopy link

Vercel is pleased to announce that we recently completed our ISO 27001:2013 certification! Our ISO 27001 certificate is available for download. For more information, see our blog post at https://vercel.com/blog/vercel-iso-27001-security.

We also updated our Policies and 2023 SOC 2 Type 2 Report for download.

Published at N/A

2023 SOC 2 Type 2 Report

ComplianceCopy link

Vercel's SOC 2 Type 2 report is now available for download. This audit was completed by Schellman and Company LLC and covers our audit period July 1, 2022 to June 30, 2023.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo