Your Data. Protected with Enterprise-Grade Security.
We handle sensitive startup information and evaluation workflows. Here's how we approach access, transport, monitoring, and responsible disclosure today.
Multi-Layer Data Protection
Evaluation data moves through protected transport and access-controlled systems designed for modern SaaS operations.
Encrypted Storage
Stored evaluation data and generated outputs are kept in protected systems with role-aware access patterns and operational safeguards.
Encrypted Transport
Application traffic is served over HTTPS so data moving between browser, services, and APIs is protected in transit.
Workspace Separation
Workspace boundaries and permission checks are used to keep team data segmented within the product experience.
Credential Hygiene
Operational secrets and integration credentials are handled outside product code paths and reviewed as part of deployment workflows.
Identity & Access Management
Granular controls that ensure only the right people access the right data.
Team Access Controls
Workspaces can be organized around role-aware access so the right people can review, edit, and share the right records.
Role-Based Access Controls (RBAC)
Fine-grained permissions system with pre-built roles (Admin, Editor, Viewer, Analyst) and custom role creation. Control who can create, edit, share, or delete evaluations at the workspace level.
Authentication Controls
Authentication and session controls can be extended as teams grow and enterprise requirements become more formalized.
Session Management
Configurable session timeouts, concurrent session limits, and remote session revocation. Admins can force logout for any team member from the dashboard.
Continuous Monitoring & Audit
Visibility into access patterns, operational events, and security follow-up work.
Comprehensive Audit Logging
Every action — login, evaluation creation, report export, permission change, API call — is logged with timestamp, user identity, IP address, and action details. Audit logs are immutable and retained for 12 months.
Anomaly Detection
Automated monitoring for suspicious access patterns, unusual data exports, brute-force login attempts, and geographic anomalies. Real-time alerts for security events.
Infrastructure Monitoring
Core services are monitored for availability, performance, and operational anomalies so the team can respond quickly when issues occur.
Security Review Support
Teams with formal procurement or security review needs can contact VentureMerit for the current state of controls, data handling, and deployment practices.
AI-Specific Data Protection
Your startup data is your intellectual property. Here's how we protect it in the AI evaluation pipeline.
No Training on Your Data
Your evaluation data is never used to train, fine-tune, or improve our AI models. Your startup descriptions, business strategies, and competitive analysis remain completely confidential and are used solely for your individual evaluation.
Ephemeral Processing
AI processing occurs in isolated, ephemeral environments. Your data is not persisted in the AI processing layer — it enters, is evaluated, and the results are stored in your encrypted workspace. No cross-contamination between users.
Transparent AI Providers
We use enterprise AI API agreements with strict data protection clauses. Our AI providers do not retain, log, or train on evaluation data processed through our API endpoints.
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a potential security issue, please report it responsibly to security@VentureMerit.com. We commit to:
- Reviewing the report promptly
- Confirming whether we can reproduce the issue
- Keeping you informed when follow-up is required
- Crediting you in future acknowledgments when appropriate and approved
Please do not publicly disclose the vulnerability until we've had a reasonable opportunity to address it.