Trust Center

Start your security review

View & download sensitive information

Overview

Validity’s platform helps organizations trust their data, marketing campaigns, and customer communications. We believe the best way to earn trust is through transparency and by demonstrating that we follow the practices we advocate. That’s why we take a security-first approach in everything we do. From securing our cloud infrastructure to monitoring systems and maintaining compliance under SOC 2 and ISO 27001 frameworks, security and privacy are core values that guide our business.

This Trust Center provides resources and artifacts to show how we protect data, maintain compliance, and uphold privacy standards. For any questions not addressed here, please contact us via the help section at the bottom of this page.

Compliance

Standard Contractual Clause (SCC)

BriteVerify

SOC 2 Type 2 report

BriteVerify PenTest LoA

BriteVerify Security White Paper

DemandTools

DemandToolsV Security White Paper

DemandToolsV PenTest LoA

DemandTools Elements PenTest LoA

Everest

SOC 2 Type 2 report

Multi-Factor Authentication

SSO Support

GridBuddy Connect

GridBuddy Connect Security White Paper

GridBuddy Connect PenTest LoA

GridBuddy Connect SIG Lite

Litmus

Litmus SOC 2 Type 2 report

Litmus PenTest LoA

Litmus Security White Paper

Mailcharts

MailCharts PenTest LoA

MailCharts Security White Paper

ISO 27001 & 27701

ISO 27001 & 27701 certificate

Access Control

We maintain a rigorous, policy‑driven access control program designed to ensure that only authorized personnel can access our systems and data. All access is provisioned based on least privilege, continuously reviewed, and monitored for adherence to security and compliance requirements. We are happy to provide additional details about our access control practices upon request.

App Security

Application Penetration Testing

Secure Development Training

Software Bill of Materials (SBOM)

Corporate Security

We maintain a strong Corporate Security program designed to protect our people, facilities, and internal operations. Our controls include secure facility access management, employee background verification, mandatory security awareness training, and clear policies governing safe and responsible workplace practices. Our Corporate Security standards are continuously reviewed and strengthened to align with evolving threats and industry best practices. Additional details about our internal security measures are available upon request.

Data Privacy

Data Processing Addendum

Subprocessors

Data Security

Data Erasure

Encryption-at-rest

Encryption-in-transit

Endpoint Security

Anti-Malware

Disk Encryption

DNS Filtering

Infrastructure

We leverage best‑in‑class, security‑focused infrastructure providers to deliver highly reliable and protected computing and storage environments. Our DevSecOps implementation includes rigorous physical, network, and operational safeguards, enabling us to maintain strong security, availability, and resilience across our services. We are happy to provide additional details about our infrastructure and supporting controls upon request.

Legal

Data Processing Agreement

Network Security

We maintain a defense‑in‑depth network security architecture designed to protect our corporate and cloud environments from both external and internal threats. Our cloud infrastructure leverages native security controls to enforce strict segmentation, minimize exposure, and provide continuous threat monitoring. These controls are supplemented with centralized logging, intrusion detection capabilities, and automated alerting to ensure rapid detection and response. We are happy to provide additional details about our network security practices upon request

Policies

We maintain a comprehensive Information Security Management System (ISMS) built on internationally recognized standards, including ISO 27001, ISO 27701, and the AICPA SOC 2 Trust Services Criteria. Our policies are developed in partnership with security and compliance experts to ensure they align with industry best practices and regulatory requirements. The ISMS provides formal governance over security, privacy, risk management, and operational controls to protect our systems and data throughout their lifecycle. We are happy to provide additional details about our policy framework and supporting processes upon request.

Product Security

We design our products with security and privacy as core principles, incorporating enterprise‑grade capabilities such as granular access control, single sign‑on (SSO), and robust authentication and authorization mechanisms. Each product undergoes rigorous security reviews throughout its development lifecycle to ensure resilience, privacy, and compliance with industry best practices. Detailed information about the specific security features available in each offering can be found directly within the corresponding product card.

Documents

LEGALCyber Insurance

MAILCHARTSMailCharts PenTest LoA

MAILCHARTSMailCharts Security White Paper

BRITEVERIFYBriteVerify PenTest LoA

BRITEVERIFYBriteVerify Pre-NDA Security FAQ

BRITEVERIFYBriteVerify Security White Paper

BRITEVERIFYBriteVerify SIG Lite

DEMANDTOOLSDemandTools Elements PenTest LoA

DEMANDTOOLSDemandTools Elements Security FAQ

DEMANDTOOLSDemandTools Elements Security White Paper

DEMANDTOOLSDemandTools Elements SIG Lite

DEMANDTOOLSDemandToolsV PenTest LoA

Knowledge Base (FAQ)

Explain Validity's audit standards and commitments.
Is there a management oversight process covering all security and privacy matters?
Explain Validity's incident response process (IRP).
What is Validity's change management procedure?
What disaster recovery plan (DRP) practices are in place?

If you need help using this Trust Center, please contact us.

Contact support