> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vendexlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance & certifications

> Where VendexLabs stands on security frameworks and third-party audits.

We aim to be exact about our compliance posture — the same standard of evidence we help our customers demand of their vendors. Here's where we stand today.

<Info>
  **Last updated: June 20, 2026.**
</Info>

## CSA STAR Level 1 (self-assessment)

VendexLabs completes the Cloud Security Alliance's **Consensus Assessments Initiative Questionnaire (CAIQ)** as a **CSA STAR Level 1 self-assessment**: a structured self-review against the CSA's Cloud Controls Matrix.

<Warning>
  A **Level 1** entry is a **self-assessment**, not a third-party audit. No external auditor is involved and no certification is issued. It exists to give prospective customers a consistent, comparable view of our controls.
</Warning>

Our completed CAIQ is **available upon request** — email [security@vendexlabs.com](mailto:security@vendexlabs.com).

## Audited certifications

VendexLabs does **not** currently hold SOC 2, ISO 27001, or other third-party-audited certifications.

If your procurement process requires one, we're happy to talk through our roadmap and timelines. Contact [security@vendexlabs.com](mailto:security@vendexlabs.com).

## What we can share today

| Item                                    | Status         | How to get it                                                                 |
| --------------------------------------- | -------------- | ----------------------------------------------------------------------------- |
| CAIQ / CSA STAR Level 1 self-assessment | Available      | Request via [security@vendexlabs.com](mailto:security@vendexlabs.com)         |
| Security overview                       | Published      | [Security overview](/trust/security)                                          |
| Privacy policy                          | Published      | [vendexlabs.com/privacy](https://vendexlabs.com/privacy)                      |
| SOC 2 / ISO 27001                       | Not held today | Discuss roadmap via [security@vendexlabs.com](mailto:security@vendexlabs.com) |

<Note>
  We update this page as our compliance program evolves. For the current state and timelines, reach out directly rather than relying on a cached copy.
</Note>
