Our approach
Velocent places senior engineers inside client teams, so security is part of how we work, not an afterthought. The practices below describe how we handle access, data, and tooling on engagements.
Access and least privilege
Engineers receive the minimum access required for their work, granted through your own systems and identity provider wherever possible. Access is reviewed during the engagement and revoked promptly when it ends.
Data handling
We keep client code and data inside client-controlled systems wherever we can, and avoid unnecessary copies. Any local working data is removed at the end of an engagement.
People
We work with vetted, senior engineers, sign confidentiality agreements before sensitive work begins, and follow each client's security and compliance requirements.
AI tooling
We use AI tools within each client's policy. We do not send client code to services a client has not approved, and our tooling is configured to respect your data-handling rules.
The website
This site is served over HTTPS and collects only the data described in our Privacy Policy.
Reporting a vulnerability
If you believe you have found a security issue in this site or in our work, please contact security@velocent.dev and we will respond promptly.