Built to be trusted with payment data.
Verdikt processes some of the most sensitive signals in commerce. Security is not a checklist for us; it is the product working as intended.
SOC 2 Type II
Independently audited controls for security, availability and confidentiality, renewed annually.
PCI DSS Level 1
The highest level of payment card industry certification, covering our full processing environment.
GDPR & CCPA
Privacy-by-design processing with a signed DPA, SCCs for transfers and regional data residency options.
ISO 27001 aligned
Information security management aligned to ISO 27001 practices across the organisation.
Encryption
All data is encrypted in transit with TLS 1.2 or higher and at rest with AES-256. Payment instruments are tokenised before they reach our models; we never store full card numbers. Encryption keys are managed in a hardware-backed KMS with automatic rotation.
Access control
Production access follows least privilege and is gated by SSO with hardware-key MFA. All access is logged, reviewed and revoked automatically when roles change. Customer data is logically isolated per tenant, and enterprise plans can add dedicated infrastructure.
Infrastructure & monitoring
Verdikt runs across multiple availability zones with automated failover and a 99.99% decisioning uptime SLA on enterprise plans. We run continuous vulnerability scanning, an annual third-party penetration test, and 24/7 monitoring with a staffed on-call rotation.
Data residency & retention
Enterprise customers choose EU, US or APAC data residency. Detailed transaction signals are retained for up to 24 months for model integrity, then aggregated or anonymised. Deletion requests are honoured in line with our Privacy Policy.
Responsible disclosure
We welcome reports from security researchers. If you believe you have found a vulnerability in a Verdikt service, email [email protected] with enough detail to reproduce. We acknowledge reports within 48 hours, keep you updated through remediation, and do not pursue good-faith research.
Need the full security package?
SOC 2 report, penetration test summary, DPA and subprocessor list are available under NDA for teams in procurement.