Under the hood · Vault-grade
Built like a vault
A dealer archive is only worth what it protects. Vestari treats every record like it belongs behind a safe deposit box, because for the dealer, it does. Here is the full engineering picture.
AES-256-GCM at rest
Every sensitive field — contact names, phone numbers, WhatsApp handles, group identifiers, free-text notes — is encrypted with AES-256-GCM before it hits disk. FIPS-197 compliant. Bank-grade.
TLS 1.3 in transit
All connections use TLS 1.3 with forward secrecy. HSTS is enforced with preloading. Legacy TLS versions and weak ciphers are disabled at the load balancer.
Per-account key isolation
A master key stored in AWS Secrets Manager derives a unique per-account key via HKDF-SHA256. Compromise of any single per-account key exposes only that account, never the archive at large.
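The two sections above describe the field-encryption layer: a master key feeds HKDF-SHA256 to produce one key per account, and each sensitive field is then encrypted with AES-256-GCM. The following Go program is an added illustration written for this page, not Vestari's own code. It assumes a 32-byte master key (constructed at random here, where the page says it lives in AWS Secrets Manager), a hypothetical HKDF salt label, and that the account ID is what goes into the HKDF info field; the column name is bound as GCM associated data, which is a design choice of the example rather than something the page states. The demo shows that a value sealed under one account's key cannot be opened under another account's key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// hkdfSHA256 is RFC 5869 extract-then-expand with SHA-256, built on crypto/hmac only.
func hkdfSHA256(ikm, salt, info []byte, n int) []byte {
	ext := hmac.New(sha256.New, salt) // Extract: PRK = HMAC(salt, IKM)
	ext.Write(ikm)
	prk := ext.Sum(nil)
	var out, prev []byte // Expand: T(i) = HMAC(PRK, T(i-1) || info || i)
	for i := byte(1); len(out) < n; i++ {
		m := hmac.New(sha256.New, prk)
		m.Write(prev)
		m.Write(info)
		m.Write([]byte{i})
		prev = m.Sum(nil)
		out = append(out, prev...)
	}
	return out[:n]
}

// accountKey derives the 32-byte AES-256 key for one account. The account ID
// is the HKDF info, so every account gets a distinct key and the master key
// itself never encrypts data. The salt label is a hypothetical constant.
func accountKey(master []byte, accountID string) []byte {
	return hkdfSHA256(master, []byte("account-key/v1"), []byte(accountID), 32)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealField encrypts one field with AES-256-GCM under a fresh random 96-bit
// nonce; output is nonce || ciphertext || tag. The column name is bound as
// associated data, so a ciphertext moved to another column fails to open.
func sealField(key []byte, column, plaintext string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(plaintext), []byte(column)), nil
}

// openField reverses sealField. The GCM tag check fails on a wrong key, a
// wrong column name, or any modification of the stored bytes.
func openField(key []byte, column string, sealed []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(sealed) < gcm.NonceSize() {
		return "", errors.New("sealed value too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(column))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	// Constructed master key for the demo; in production it is fetched from the
	// secrets manager at runtime and never appears in source or config.
	master := make([]byte, 32)
	if _, err := rand.Read(master); err != nil {
		panic(err)
	}
	keyA, keyB := accountKey(master, "dealer-0001"), accountKey(master, "dealer-0002")
	sealed, err := sealField(keyA, "phone", "+1 555 0100")
	if err != nil {
		panic(err)
	}
	fmt.Println("stored:", hex.EncodeToString(sealed))
	pt, err := openField(keyA, "phone", sealed)
	fmt.Println("own account key:", pt, err)
	_, err = openField(keyB, "phone", sealed)
	fmt.Println("other account key:", err)
	_, err = openField(keyA, "notes", sealed)
	fmt.Println("wrong column:", err)
}
```

Because the per-account key is a deterministic function of the master key and the account ID, rotating the master key re-derives every account key, while leaking one derived key tells an attacker nothing about the master key or about any other account's key, which is the isolation property the section claims.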
HMAC-SHA256 fingerprints
Deduplication uses HMAC-SHA256 fingerprints of (brand, reference, price, deal date). We never index sensitive fields in plaintext. The pool cannot be scanned by identity.
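To make the deduplication scheme concrete, here is an added Go example (not Vestari's code) of an HMAC-SHA256 fingerprint over the (brand, reference, price, deal date) tuple. The canonicalisation rules (case-folding the brand, upper-casing the reference, price in minor units, length-prefixed fields) and the pool key are assumptions of the example; the page only states which four fields are covered. The point it demonstrates is that two dealers' submissions of the same deal collapse to one pool row, while nothing about the dealer, contact or group enters the row.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Deal is the tuple the fingerprint covers: brand, reference, price, deal date.
// The submitting dealer, the contact and the group are deliberately absent.
type Deal struct {
	Brand      string
	Reference  string
	PriceCents int64  // price normalised to minor units before hashing
	DealDate   string // ISO date, YYYY-MM-DD
}

// canonical serialises the tuple so cosmetic differences (letter case,
// surrounding whitespace) between two dealers' submissions still dedupe.
// Each field is length-prefixed so field boundaries cannot be shifted.
func canonical(d Deal) []byte {
	fields := []string{
		strings.ToLower(strings.TrimSpace(d.Brand)),
		strings.ToUpper(strings.TrimSpace(d.Reference)),
		fmt.Sprintf("%d", d.PriceCents),
		strings.TrimSpace(d.DealDate),
	}
	var b strings.Builder
	for _, f := range fields {
		fmt.Fprintf(&b, "%d:%s;", len(f), f)
	}
	return []byte(b.String())
}

// fingerprint is hex(HMAC-SHA256(key, canonical(d))). A keyed MAC rather than
// a plain hash means holding pool rows is not enough to confirm a guessed
// tuple: without the key nobody can recompute fingerprints to probe the pool.
func fingerprint(key []byte, d Deal) string {
	m := hmac.New(sha256.New, key)
	m.Write(canonical(d))
	return hex.EncodeToString(m.Sum(nil))
}

// Pool keeps one row per distinct fingerprint.
type Pool struct {
	key  []byte
	seen map[string]int // fingerprint -> submission count
}

func NewPool(key []byte) *Pool { return &Pool{key: key, seen: map[string]int{}} }

// Add records a deal and reports whether its fingerprint was new to the pool.
func (p *Pool) Add(d Deal) (fp string, isNew bool) {
	fp = fingerprint(p.key, d)
	p.seen[fp]++
	return fp, p.seen[fp] == 1
}

func main() {
	// Constructed pool key; in production it is a dedicated secret, separate
	// from the field-encryption master key.
	pool := NewPool([]byte("constructed-pool-key"))
	deals := []Deal{
		{"Acme", "AB-1234", 1450000, "2024-05-02"},
		{" acme ", "ab-1234", 1450000, "2024-05-02"}, // same deal as typed by a second dealer
		{"Acme", "AB-1234", 1400000, "2024-05-02"},   // different price: a distinct deal
	}
	for _, d := range deals {
		fp, isNew := pool.Add(d)
		fmt.Printf("%s... new=%v\n", fp[:16], isNew)
	}
}
```

The fingerprint is intentionally unsalted per submission, since a per-row salt would defeat deduplication; the secrecy of the scheme therefore rests entirely on the HMAC key, which should be stored and rotated with the same care as the encryption master key.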
Read-only WhatsApp bridge
The bridge cannot send messages, react, join, or leave a group. Zero send permissions at the protocol wrapper. Every write attempt is refused by the worker.
US-hosted, dealer-controlled
Hosted in AWS us-east-1. No offshore data transfer. Dealers can export their data, purge it, or delete the account; a deleted account is purged in full within 30 days.
Zero data retention with OCR provider
Photo OCR uses Anthropic Claude under a zero-data-retention agreement. Content is never retained by the model provider and never used to train external models.
Least-privilege access
Production access requires hardware-key MFA. No standing engineer access to dealer plaintext. Every access to encrypted material is logged and reviewed.
Never — no exceptions
- Never send WhatsApp messages on your behalf
- Never share raw contact info between dealers
- Never expose the group name in any pool row
- Never train external AI models on dealer data
- Never sell, license, or syndicate dealer data
- Never store credit card numbers — Stripe handles PCI
Incident response
If we detect a security incident, we notify affected dealers within 72 hours with the scope, the fields exposed, and the containment steps taken. Reports come by email to the address on file plus an in-app banner. Our disclosure log is public and versioned.
Suspect an issue? Email security@getvestari.com. PGP key on request.