Documentation Index
Fetch the complete documentation index at: https://docs.veri.studio/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Security and compliance are active workstreams for Veri.SOC 2 Status
Veri is currently in the SOC 2 process. We are building the controls and documentation needed for the audit path but are not yet SOC 2 certified.Current Security Controls
- User resources are scoped by ownership checks on all records
- API keys are SHA-256 hashed server-side with
vk_prefix format - Sensitive credentials (dataset connections, SSH keys) are encrypted at rest using AES via Fernet
- Billing and credit flows are tracked through Stripe with idempotent deductions
- Production deployment enforces strong keys, encrypted connections, and signed requests
- CI/CD pipeline includes automated tests, coverage, and security scanning
- Rate limiting per API principal
- CORS allowlist (not wildcard)
- Request ID tracing and API request logging for audit
Still In Progress
- API gateway / WAF in front of the control plane
- API key anomaly detection
- Zero data retention mode (S3 lifecycle policies)
- Security review of all external-facing routes