Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Welcome to the VTEX Trust Center — where transparency meets accountability.

At VTEX, trust is the foundation of everything we build. Our platform is designed with security, privacy, and compliance by design, aligned with international standards like ISO 27001, SOC 1 Type II, SOC 2 Type II, PCI DSS, GDPR, LGPD, CCPA, and more. We integrate robust governance, risk management, secure development practices, and data protection into every layer of our operations to deliver a resilient and transparent commerce experience. Through industry-recognized compliance validations, proactive incident response, and customer-centric privacy tools, we ensure that you — and your shoppers — can grow confidently with VTEX. This Trust Center is your gateway to everything we do to earn and maintain your trust, every day.

Remember, #WeAreTrusted.

ISO 27001 Logo
ISO 27001
PCI DSS Logo
PCI DSS
SOC 1 Type 2 Logo
SOC 1 Type 2
SOC 2 Type 2 Logo
SOC 2 Type 2
GDPR Logo
GDPR
EU-US DPF Logo
EU-US DPF
Swiss-US DPF Logo
Swiss-US DPF
UK Extension to EU-US DPF Logo
UK Extension to EU-US DPF
CCPA Logo
CCPA
CPRA Logo
CPRA
HIPAA Logo
HIPAA
ISO 27701 Logo
ISO 27701
LGPD Logo
LGPD
PIPEDA Logo
PIPEDA
SOX Logo
SOX
J.W. Pepper-company-logoJ.W. Pepper
Worldwide Golf-company-logoWorldwide Golf
U.S. Electrical Services-company-logoU.S. Electrical Services
Al's-company-logoAl's
Stanley Black & Decker-company-logoStanley Black & Decker
L3Harris-company-logoL3Harris
Nestlé-company-logoNestlé
Electrolux-company-logoElectrolux
Coca-Cola-company-logoCoca-Cola
Carrefour-company-logoCarrefour
Walmart-company-logoWalmart
Vans-company-logoVans

Documents

COMPLIANCEISO 27001
Audit Logging
Data Security
Data Security Standards
View more
Knowledge Base (FAQ)
    Does VTEX have a pentest calendar? What is the frequency of tests?
    Are VTEX information security controls audited by third-party companies? What certifications does VTEX have?
    Are information security policies and controls contractually applied to third-party providers?
    Does the company have a data protection and privacy policy? If yes, how often is it reviewed? Has the policy been distributed and communicated to the entire company?
    Does VTEX have an information security policy? If yes, how often is it reviewed? Has the policy been distributed and communicated to the entire company?
View more