Concrete controls for sensitive satellite operations.
Vega protects customer data with encryption, tenant isolation, access controls, audit trails, and privacy commitments your security team can review.
Security controls are built into the operating surface.
Vega is designed for operators who need clear boundaries around access, infrastructure, monitoring, and customer data.
Encryption in transit and at rest
All data is encrypted via TLS in transit. Database backups and stored data are encrypted at rest.
Logical tenant isolation
Path-based multi-tenant isolation keeps customer data separate from every other account with no shared queries or cross-tenant reads.
Role-based access control
Granular permissions ensure users only access the data and features appropriate to their role.
Multi-factor authentication
TOTP-based two-factor authentication with encrypted backup codes is available on every account.
Comprehensive audit logging
Every account access and action is logged for security monitoring and incident response.
Infrastructure protection
DDoS mitigation, a web application firewall, and forced HTTPS with strict transport security headers sit in front of every endpoint.
Your operational records stay yours.
Satellite configurations, ground-station parameters, and operational records remain customer-owned while Vega provides the security controls around them.
Customer ownership
You retain ownership of the data you submit. Vega does not claim ownership of the underlying records you bring to the platform.
Aggregation and anonymization
We may generate derived data from anonymized and aggregated technical inputs to improve prediction models. Derived data cannot be traced back to individual accounts.
Retention and deletion
Active account data persists while your account is active. Deleted data becomes immediately inaccessible, and personal information can be removed on request. Aggregated or de-identified derived data may be retained as described in our Terms of Service.
Payment security
ACH and credit card information is submitted directly to Stripe, our PCI-DSS Level 1 certified payment processor. No card data touches Vega servers.
Privacy rights are explicit.
Vega gives customers concrete rights over personal data and does not sell personal information to third parties.
Right to access
Obtain information about the personal data we hold.
Right to correction
Request correction of inaccurate information.
Right to erasure
Request deletion from our systems.
Right to portability
Receive your data in a portable format.
Right to restrict processing
Request limits on how we use your data.
No data sales
We never sell your personal information to third parties. Never have, never will.
Aligned with the frameworks your team expects.
Vega separates the controls available today from the certifications we are actively working toward.
Available today
- GDPR data subject rights honored for EU and UK users
- CCPA service-provider posture with no sale of personal data
- PCI DSS handled through Stripe, a PCI-DSS Level 1 provider
In progress
- SOC 2 Type II covering security, availability, and confidentiality
- CMMC readiness for defense supply-chain compliance
- Security evidence package for customer review
Disclosure
- Reports acknowledged within 24-48 hours
- Regular updates during investigation
- Responsible researchers credited when appropriate