No Days Off for Your
Data's Safety
We want you to feel as safe with us as you do when you're on vacation.
Security You Can Trust
Vacation Tracker follows enterprise-grade security practices and undergoes regular audits by independent experts.
We’re proud to be SOC 2 Type II certified, meeting strict standards for data protection and privacy.
-
Ultimate data protection
-
Always on high alert
-
Unbreakable security
Our Security Doesn’t
Take Time Off
Data Encryption
We are committed to providing not only an efficient leave tracking system, but also ensuring the safety and protection of your data. Data is encrypted both in-transit using TLS and at rest.
Secure Software Development
Vacation Tracker utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.
Employee Training
Security is everyone’s responsibility. Each year, all employees complete a mandatory security training program and follow best practices when working with customer data.
Strategic Hosting on AWS
We securely host our platform on Amazon Web Services (AWS), with servers located in both North America and Europe. This setup provides enhanced data redundancy and faster performance for users in these regions.
Penetration Testing
Vacation Tracker partners with leading security firms to conduct annual penetration tests at both the network and application levels.
Vulnerability Disclosure Program
If you think you’ve found a security vulnerability in Vacation Tracker, please contact us at security@vacationtracker.io. Our security team reviews and investigates all reports promptly.

SOC 2 Report
We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers' data.
Developed by the Assurance Services Executive Committee (ASEC) of the AICPA, the Trust Services Criteria is the set of control criteria to be used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity.

GDPR Compliance
Vacation Tracker is compliant with the General Data Protection Regulation (GDPR), demonstrating our commitment to data protection, transparency, and user rights.
We follow the core GDPR principles—such as data minimization, user consent, and privacy by design—and ensure that all personal data is processed securely. Regular internal reviews and audits help us maintain compliance, safeguard user information, and build lasting trust with our customers.

Continuous Security Control
Monitoring
Vacation Tracker uses Drata's automation platform to continuously monitor 100+
security controls across the organization.
Automated alerts and evidence collection allows Vacation Tracker to confidently
prove its security and compliance posture any day of the year, while fostering a
security-first mindset and culture of compliance across the organization.