Trust Center

Start your security review

View & download sensitive information

Ask for information

Search items

Overview

Welcome to the VTEX Trust Center — where transparency meets accountability.

At VTEX, trust is the foundation of everything we build. Our platform is designed with security, privacy, and compliance by design, aligned with international standards like ISO 27001, SOC 1 Type II, SOC 2 Type II, PCI DSS, GDPR, LGPD, CCPA, and more. We integrate robust governance, risk management, secure development practices, and data protection into every layer of our operations to deliver a resilient and transparent commerce experience. Through industry-recognized compliance validations, proactive incident response, and customer-centric privacy tools, we ensure that you — and your shoppers — can grow confidently with VTEX. This Trust Center is your gateway to everything we do to earn and maintain your trust, every day.

Remember, #WeAreTrusted.

Compliance

UK Extension to EU-US DPF

VTEX is reviewed and trusted by

Nestlé

Electrolux

Coca-Cola

Carrefour

Walmart

Vans

Documents

COMPLIANCEISO 27001

COMPLIANCEPCI DSS

COMPLIANCESOC 1 Type 2

COMPLIANCESOC 2 Type 2

LEGALEnd User Licensing Agreement

LEGALGeneral External Privacy Notice

LEGALPrivacy Notice for Shoppers

COMPLIANCE AND INTEGRITY PROGRAMAnti-Bribery and Anti-Corruption

COMPLIANCE AND INTEGRITY PROGRAMAnti-Competitive Practices

COMPLIANCE AND INTEGRITY PROGRAMAnti-Money Laundering

COMPLIANCE AND INTEGRITY PROGRAMCode of Ethics

COMPLIANCE AND INTEGRITY PROGRAMGifts and Hospitality

Product Security

Audit Logging

Data Security

Data Security Standards

Vulnerability Management

Platform Customizations

Scan Frequency

Privacy & Data Protection

Data Extraction

Data Into System

Legal

Subprocessors

Customer Audits

Cyber Insurance

Platform Security

Anomaly Detection

API-first

HTTPS

Data Security

Access Monitoring

Data Backups

Data Erasure

App Security

Responsible Disclosure

Bot Detection

Code Analysis

AI

AI Governance

AI Monitoring

AI Risk Management

Compliance and Integrity Program

Anti-Bribery and Anti-Corruption

Anti-Competitive Practices

Anti-Money Laundering

Access Control

Access Management Policy

Data Access

Internal Single-Sign-On (SSO)

Infrastructure

Status Monitoring

Amazon Web Services

Anti-DDoS

Endpoint Security

Disk Encryption

DNS Filtering

Endpoint Detection & Response

Network Security

Data Loss Prevention

DNSSEC

Firewall

Corporate Security

Asset Management Practices

Email Protection

Employee Training

Policies

Acceptable Use Policy

Access Management Guideline

Backup Guideline

Incident Response

Data Protection

Incident Reporting Plan

Pentest

Log Auditing

Access to Log Records

Log Record

Asset Management

Asset Inventories (Hardware/Software)

Critical Assets

Secure Asset Disposal

BC/DR

Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP)

Training

Phishing Training

Secure Development Training

Security Awareness Training

Physical & Environment

Data Center Location

Data Center Protection

Devices and Equipments

Secure Development

Best Practices

Secure Coding Guidelines

Segregation of Environments

Knowledge Base (FAQ)

Does VTEX have a pentest calendar? What is the frequency of tests?

Are VTEX information security controls audited by third-party companies? What certifications does VTEX have?

Are information security policies and controls contractually applied to third-party providers?

Does the company have a data protection and privacy policy? If yes, how often is it reviewed? Has the policy been distributed and communicated to the entire company?

Does VTEX have an information security policy? If yes, how often is it reviewed? Has the policy been distributed and communicated to the entire company?