This page is written for the reviewer, not the buyer. Every document below is public and needs no account, every claim is implemented in the platform today, and the gaps are listed as plainly as the controls. Forward this URL to your security team and the review can start without a single meeting.
The architecture stated as evidence: ~200 tables under row-level security with 24 isolation suites in CI, 60 second signed downloads, the AI data flow, the 72 hour incident commitment, and a claim ladder with an explicit Not yet column. Check the ladder first; it tells you whether to believe the rest.
app.vendorbenchmark.com/security →Tenant isolation mechanics, identity, data lifecycle, the AI data flow, benchmark anonymity, audit and incident response, subprocessors, compliance, and an honest section on what we do not have yet. Check the answers against your questionnaire; most map one to one.
app.vendorbenchmark.com/security/faq →All public. Check the subprocessor list against the AI data-flow claims (Anthropic is the only model provider) and the DPA's deletion commitments against the deletion certificate feature.
/dpa · /subprocessors · /termsFramework status stated honestly (SOC 2 Type I targeted Q4 2026, report under NDA when issued) plus the resilience table: backups, restore tests, and penetration testing, each with a date or an honest not yet.
app.vendorbenchmark.com/compliance →The policy set and a pre-completed security questionnaire, delivered through scoped, expiring, revocable links behind a click-through NDA. Every open is written to an audit log.
Request access →With a login: the Security Center (your org's MFA coverage, audit export, SIEM webhook), the audit trail itself, and the deletion certificates under Settings. These are the controls you verify rather than trust.
Security Center (login) →The full, dated version lives on the security page’s claim ladder and moves left only when the code or the evidence exists.
Security at Redress is owned by Fredrik Filipsson, founder. Vulnerability reports are acknowledged within 3 business days with safe harbor for good-faith research, and if an incident ever affects your data you hear it from us within 72 hours of confirmation, followed by a written post-mortem. We sign your NDA or bring ours.