Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Overview

Welcome to the VTEX Trust Center — where transparency meets accountability.

At VTEX, trust is the foundation of everything we build. Our platform is designed with security, privacy, and compliance by design, aligned with international standards like ISO 27001, SOC 1 Type II, SOC 2 Type II, PCI DSS, GDPR, LGPD, CCPA, and more. We integrate robust governance, risk management, secure development practices, and data protection into every layer of our operations to deliver a resilient and transparent commerce experience. Through industry-recognized compliance validations, proactive incident response, and customer-centric privacy tools, we ensure that you — and your shoppers — can grow confidently with VTEX. This Trust Center is your gateway to everything we do to earn and maintain your trust, every day.

Remember, #WeAreTrusted.

Compliance

ISO/IEC 27001 Logo
ISO/IEC 27001
PCI DSS Logo
PCI DSS
SOC 1 Type 2 Logo
SOC 1 Type 2
SOC 2 Type 2 Logo
SOC 2 Type 2
GDPR Logo
GDPR
EU-US DPF Logo
EU-US DPF
Swiss-US DPF Logo
Swiss-US DPF
UK Extension to EU-US DPF Logo
UK Extension to EU-US DPF
CCPA Logo
CCPA
CPRA Logo
CPRA
HIPAA Logo
HIPAA
ISO/IEC 27701 Logo
ISO/IEC 27701
LGPD Logo
LGPD
PIPEDA Logo
PIPEDA
SOX Logo
SOX

VTEX is reviewed and trusted by

J.W. Pepper-company-logoJ.W. Pepper
Worldwide Golf-company-logoWorldwide Golf
U.S. Electrical Services-company-logoU.S. Electrical Services
Al's-company-logoAl's
Stanley Black & Decker-company-logoStanley Black & Decker
L3Harris-company-logoL3Harris
Nestlé-company-logoNestlé
Electrolux-company-logoElectrolux
Coca-Cola-company-logoCoca-Cola
Carrefour-company-logoCarrefour
Walmart-company-logoWalmart
Vans-company-logoVans

Documents

COMPLIANCEISO/IEC 27001
COMPLIANCEPCI DSS
COMPLIANCESOC 1 Type 2
COMPLIANCESOC 2 Type 2
LEGALEnd User Licensing Agreement
LEGALGeneral External Privacy Notice
LEGALPrivacy Notice for Shoppers
COMPLIANCE AND INTEGRITY PROGRAMAnti-Bribery and Anti-Corruption
COMPLIANCE AND INTEGRITY PROGRAMAnti-Competitive Practices
COMPLIANCE AND INTEGRITY PROGRAMAnti-Money Laundering
COMPLIANCE AND INTEGRITY PROGRAMCode of Ethics
COMPLIANCE AND INTEGRITY PROGRAMGifts and Hospitality

Product Security

Audit Logging
Data Security
Data Security Standards
View more

icon

Vulnerability Management

Platform Customizations
Scan Frequency

Privacy & Data Protection

Cookies
Data Extraction
Data Into System
View more

Legal

SubprocessorsAmazon Web Services (AWS)-company-logo
Customer Audits
Cyber Insurance
View more

icon

Platform Security

Anomaly Detection
API-first
HTTPS
View more

Data Security

Access Monitoring
Data Backups
Data Erasure
View more

App Security

Responsible Disclosure
Bot Detection
Code Analysis

AI

AI Governance
AI Monitoring
AI Risk Management
View more

Compliance and Integrity Program

Anti-Bribery and Anti-Corruption
Anti-Competitive Practices
Anti-Money Laundering
View more

Access Control

Access Management Policy
Data Access
Internal Single-Sign-On (SSO)
View more

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS
View more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response

Network Security

Data Loss Prevention
DNSSEC
Firewall

Corporate Security

Asset Management Practices
Email Protection
Employee Training

Policies

Acceptable Use Policy
Access Management Guideline
Backup Guideline
View more

Incident Response

Data Protection
Incident Reporting Plan
Pentest
View more

icon

Log Auditing

Access to Log Records
Log Record

Asset Management

Asset Inventories (Hardware/Software)
Critical Assets
Secure Asset Disposal

BC/DR

Business Continuity Plan (BCP)
Disaster Recovery Plan (DRP)

Training

Phishing Training
Secure Development Training
Security Awareness Training
View more

Physical & Environment

Data Center Location
Data Center Protection
Devices and Equipments

icon

Secure Development

Best Practices
Secure Coding Guidelines
Segregation of Environments
View more
Knowledge Base (FAQ)
  • Does VTEX have a pentest calendar? What is the frequency of tests?
  • Are VTEX information security controls audited by third-party companies? What certifications does VTEX have?
  • Are information security policies and controls contractually applied to third-party providers?
  • Does the company have a data protection and privacy policy? If yes, how often is it reviewed? Has the policy been distributed and communicated to the entire company?
  • Does VTEX have an information security policy? If yes, how often is it reviewed? Has the policy been distributed and communicated to the entire company?
View more