Veri-Tech
Trust Center

One destination for procurement, legal, and security review.

Everything a buyer's security or compliance team needs to evaluate Veri-Tech: how we handle data, who we share it with, the terms that govern it, and the frameworks we cover. Each link is the source of truth for its topic — version-controlled and updated as the product evolves.

Last reviewed: 2026-04-29

US-Based Infrastructure
Azure East US 2; Vercel iad1
BAA Available
HIPAA Compliance Pack add-on
Microsoft Partner
MPN identity verification in process
Veteran-Owned Business
VOSB certification in process
Pillars

Where everything lives.

Each pillar links to a canonical, version-controlled page. Use these in your vendor risk assessment, DPIA, or BAA package.

Security Posture

Read-only by default, scoped JIT write authorization, X.509 certificate auth, US-based infrastructure, and incident response contact.

Read the security overview

Sub-Processors

The version-controlled list of every third party Veri-Tech engages, with HIPAA Business Associate status, ePHI handling, and a 30-day change-notice mechanism.

View canonical sub-processor list

Data Processing Agreement

Customer Controller / Veri-Tech Processor framework, technical and organizational measures, EEA/UK/Swiss transfer mechanisms (Standard Contractual Clauses), and audit rights.

Read the DPA

Privacy Policy

What we collect, how we use it, where it lives, and how to exercise data rights. No advertising trackers, no third-party analytics on authenticated portal pages.

Read the privacy policy

HIPAA & Business Associate Agreement

Veri-Tech does not require, request, or process PHI to operate. The BAA template is published in full; Customers with the HIPAA Compliance Pack accept it through an in-portal click-through that records timestamp + IP as electronic signature.

Read the BAA template

Master Services Agreement

Commercial framework: term, renewal, payment terms, change control, and order of precedence across the legal stack. Linked to the SLA, DPA, and BAA where applicable.

Read the MSA

Service Level Agreement

99.5% Monthly Uptime, RTO 4 hours, RPO 1 hour, with a defined service-credit schedule. Severity-tiered support response and a public status page for incident transparency.

Read the SLA

Incident Response & Breach Notification

Severity classification, response SLOs (1h for SEV-0, 24/7), the four-factor HIPAA breach analysis, and consolidated GDPR/HIPAA/state breach notification timelines.

Read the policies

Terms & Acceptable Use

Master terms governing use of the Service, plus the Acceptable Use Policy that defines prohibited conduct and tenant scope.

Read the terms
Frameworks

Compliance frameworks we cover.

Veri-Tech maps tenant configuration to controls across multiple public frameworks. Framework references are nominative — Veri-Tech is not affiliated with or endorsed by these publishers.

HIPAA Security Rule
67 controls with CFR §164 citations (HIPAA Compliance Pack)
HHS 405(d) HICP
10 practices, 94 sub-practices
NIST 800-53
Authoritative hub via OSCAL ingest
CISA M365 SCuBA
Federal civilian baseline
CIS Microsoft 365
Nominative reference (CC BY-NC-SA)
EIDSCA
Entra ID Security Configuration Analyzer
ISO/IEC 27001:2022
Crosswalk via NIST OLIR
SOC 2 Trust Services Criteria
Heuristic mapping (no public authoritative source)
NIST CSF 2.0
Roadmap
GDPR (ISO 27701 bridge)
Roadmap
Contact

Questions for security, privacy, or legal?

Reach the right team directly. We respond to vendor risk questionnaires, DPIA requests, and BAA / DPA execution requests in under five business days.

Security
security@veri-tech.net
Privacy
privacy@veri-tech.net
Legal
legal@veri-tech.net