Security
How we approach security at Vanta SDK.
Secure by Design
Single-use challenges prevent replay attacks. Payment proofs are cryptographically signed and verified on-chain. No sensitive data is stored.
No Private Keys
Vanta SDK never handles private keys. All signing happens in the user's wallet. Servers only verify—they never control funds.
Open Source
All code is open source and auditable. We encourage security researchers to review our implementation.
Responsible Disclosure
Found a vulnerability? Email security@vantasdk.dev. We respond within 24 hours and offer bug bounties for qualifying reports.
Security Contact
security@vantasdk.dev
PGP key available on request.