VirtoSoftware Trust & Security Center

Comprehensive security documentation for enterprise customers. Our small team size is our security advantage: direct accountability, rapid response, and every line of code reviewed by senior developers.

Certifications & Compliance

Microsoft 365 App Certifications: 10 certified applications

NATO Penetration Test: Completed March 2024

GDPR Compliant: Full compliance with EU regulations

Built on Azure: SOC 2 & ISO 27001 infrastructure

Security FAQ

Do you have access to our data?

No. Under our standard SaaS architecture, all customer data remains exclusively in your Microsoft 365 tenant. VirtoSoftware applications access your data via Microsoft Graph API with user-delegated permissions, processing data in-memory only without persistence.

Where is data stored?

Your data stays in your Microsoft 365 tenant, in the geographic region you’ve configured with Microsoft. VirtoSoftware does not store customer data. Our application infrastructure runs on Microsoft Azure in the USA region.

What happens if VirtoSoftware goes out of business?

Your data remains safe in your Microsoft 365 tenant – it’s never held hostage. You can simply revoke the application’s access permissions via Azure AD, and all your data remains accessible in SharePoint/Teams. For enterprise customers, we offer source code escrow arrangements.

How do you handle security incidents?

We maintain a formal Incident Response Plan with defined procedures for detection, containment, and resolution. Our CEO and CTO personally manage all security aspects with direct accountability. We commit to notifying affected customers within 24 hours of confirming any security incident.