VTEX regularly audits its information security controls through independent professionals to ensure transparency and excellence in its practices. This external validation aligns policies and procedures with security standards and strengthens trust with customers and partners.

Penetration tests (or pentests) are simulated attacks on a computer system, network, or web application to assess security, identify vulnerabilities, and fix them. This type of test is run ethically to assess the system's security without causing real damage.

Our certifications attest to our commitment to implementing robust security measures, including penetration testing and vulnerability scanning, which are performed periodically. As verified by external audits, vulnerabilities discovered during testing are tracked and resolved through our vulnerability management program, in accordance with industry best practices.

We understand that our enterprise customers also need to meet security audit requirements, ensuring compliance of their business with industry regulations. That is why we have decided to make it easier and more accessible for all our customers to meet audit requirements.

Instead of analyzing individual penetration test requests from customers, we now share the Attestation of Penetration Testing report for the latest penetration tests performed on our behalf by an independent, reputable and technically competent third-party security consultancy.

This is provided upon request, free of charge, by opening a ticket to VTEX support.

Please note that our Master Services Agreement (MSA) expressly forbids performing penetration tests against the VTEX platform without our prior written consent. Doing so without our authorization would constitute a breach of contract by the customer.