Is Vanta safe with your data?
Vanta
Vanta Inc.
Partial disclosure · high confidence
Vanta earns a C (55/100) because it discloses its data practices only in part.
#69
of 211 apps ranked
55
score · Security & compliance avg 50
+5
vs category average
Vanta prohibits use of customer information to train AI models, provides standard data subject rights, maintains a Data Privacy Framework certification, but retains broad discretion on data retention and employs vague security standards.
What Vanta's privacy policy and terms of service say about your data
AI Training Protection
Vanta explicitly prohibits use of customer information to train AI models (4.6.1), though Feedback and Aggregated Anonymous Data may be used for training
Data Subject Rights
Policy provides full support for access, deletion, portability, correction, and objection rights across all D2 indicators
Retention Vagueness
D3.1 retention period is 'as long as necessary' with no numeric limit, preventing a full award despite a documented DPO and international safeguards
Ads/Marketing Opt-Out
Vanta discloses sale/sharing of data to ad networks with an opt-out right (D4.3), meeting half award standard for conditional sale
What the policy is silent or vague on
- Not stated: keeping user inputs out of model training
- Not stated: a way to opt out of training
- Not stated: whether training use differs by plan
- Not stated: a retention period for your data
Vanta privacy rating
Details
- Category
- Security & compliance
- Modalities
- text
- Processes biometrics
- No
- Policy last updated
- 2026-02-25
- Region scored
- Global / US-default
- Last assessed
- 2026-07-08
Documents examined
Other security & compliance apps
Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.