Security & Trust

Vega is built with enterprise-grade security controls. Customer environments are fully isolated.

Platform Security

Encryption in Transit & at Rest

All data is encrypted via TLS in transit. Database backups and stored data are encrypted at rest.

Logical Tenant Isolation

Path-based multi-tenant isolation ensures your data is completely separate from other customers.

Role-Based Access Control

Granular permissions ensure users only access the data and features appropriate to their role.

Multi-Factor Authentication

TOTP-based two-factor authentication with encrypted backup codes available for all accounts.

Comprehensive Audit Logging

All account access and actions are logged for security monitoring and incident response.

Infrastructure Protection

DDoS mitigation, web application firewall, and forced HTTPS with strict transport security headers.

Data Handling

Customer Data Ownership

You retain ownership of the raw data you submit to Vega, including satellite configurations, ground station parameters, and analysis inputs and outputs. We do not claim ownership of your underlying satellite, ground station, or operational records.

Aggregation & Anonymization

We may generate derived data from anonymized and aggregated technical data to improve our prediction models. Derived data is stripped of all customer identifiers and cannot be traced back to any individual account. Sensitive or proprietary data is perturbed and rounded before aggregation. We do not use your account activity, satellite tracking selections, or platform usage patterns for these purposes.

Data Retention & Deletion

Active account data is retained while your account is active. When you delete data, it becomes immediately inaccessible. Account owners can request full data deletion at any time — we honor requests and remove personal information including name, email, and billing details. Aggregated or de-identified derived data may be retained as described in our Terms of Service.

Payment Security

ACH and credit card information is submitted directly to Stripe, our PCI-DSS Level 1 certified payment processor, and never touches Vega servers. We store only the last 4 digits of card numbers and masked bank account details for billing reference.

Your Privacy

  • Right to Access — Access and obtain information about your personal data at any time
  • Right to Correction — Request correction of any inaccurate personal information
  • Right to Erasure — Request deletion of your personal information from our systems
  • Right to Portability — Receive your data in a portable format and transfer it to another party
  • Right to Restrict Processing — Request restrictions on how your personal data is used or processed
  • No Data Sales — We never sell your personal information to third parties, never have, never will

Compliance

GDPR Compliant

GDPR

We honor GDPR data subject rights for all EU and UK users in accordance with applicable regulations.

CCPA Compliant

CCPA

Under the California Consumer Privacy Act, Vega operates as a "service provider" — we process data only for the purpose you signed up for and do not sell it.

PCI DSS Compliant

PCI DSS

Payment processing handled by Stripe, a PCI-DSS Level 1 certified provider. No card data ever touches our servers.

SOC 2 Type II COMING SOON

SOC 2 Type II

We are working toward SOC 2 Type II certification for security, availability, and confidentiality.

CMMC COMING SOON

CMMC

We are working toward Cybersecurity Maturity Model Certification for defense supply chain compliance.

Responsible Disclosure

Found a security issue? We welcome responsible disclosure from security researchers. Report vulnerabilities via the feedback button on any page (select "Security / privacy") or email support@vega.space with subject line starting with "Vulnerability:".

We acknowledge reports within 24-48 hours, provide regular updates, and credit researchers who follow responsible disclosure practices. See our Security Overview for full details.

Learn More

Security Overview

Detailed technical security measures including authentication, infrastructure, and payment security.

Privacy Policy

What we collect, how we handle it, and your rights with respect to your data.

Terms of Service

Service agreements, data licensing, usage policies, and user responsibilities.