Skip to content

Built with security in mind from day one.

We safeguard your personal information

Data Protection

Our platform and privacy practices also comply with CPRA and other data protection laws applicable to our business.


We are dedicated to safeguarding your data and align our platform with industry best practices, including the NIST Cybersecurity Framework.


Our Privacy Policy is available on our website, and we utilize strict access controls, firewalls, and continuous vulnerability monitoring.

We perform rigorous security audits.

Vestwell undergoes an annual SOC 2 Type 2 audit as part of our transparency commitment. Our independent auditors assess us against over 200 controls, encompassing security, privacy, and various business activities. We have always received an unqualified opinion - the best outcome for a SOC 2 audit.

We adhere to best practices and beyond.

In 2022, the Department of Labor issued guidance for service providers to qualified plans, regarding security protocols from encryption to multi-factor authentication. Vestwell has maintained those security features and more since the inception of our company.

We are insured.

Vestwell is fully insured against cyber events, errors and omissions, and other professional liability policies. All our carriers hold an AM Best rating of A- or better, and we have a flawless record with no policy cancellations or non-renewals.