Security
Advanced security for your mail
Your physical mail and online data are safeguarded by multiple layers of protection, including secure mail processing centers, strict access controls, continuous monitoring, and secure data transfer and storage protocols.


SOC 2 Type II Certified
Guarantees the security of your data and the privacy of your clients. SOC 2 is an auditing protocol aimed at verifying that your service providers adeptly handle your data, safeguarding both your organization's interests and the confidentiality of your clients.
HIPAA compliance
VPM adheres to HIPAA standards to protect sensitive patient health information from being disclosed without the patient's knowledge or consent. VPM will also sign a BAA to satisfy HIPAA requirements.
Two-factor authentication (2FA)
This extra layer of authentication strengthens security access to your account and data. In addition to your standard password, 2FA requires you to enter a one-time passcode to gain access to your account. This is done using an authenticator app that’s installed on your phone.
Risk mitigation and audits
VPM performs periodic security audits to mitigate risks and vulnerabilities in the system. VPM is also proactive in finding and fixing potential weaknesses within the organization's network and data infrastructure.
On-site mail receiving
Mail is received on-site, securely stored at VPM facilities, and processed exclusively in-house by HIPAA and SOC 2-trained staff—never by a third party.
On-premise document shredding
All of your unwanted mail is shredded on-site using mobile shredding services. Your mail leaves the facility in millions of pieces to prevent your personal information from landing in the wrong hands. Document destruction certificates are available upon request.
Online mail data protection
Your mail data is hosted only on Amazon Web Services’ (AWS) SOC2 and HIPAA compliant infrastructure. It is encrypted when stored at rest and stored with 99.99% durability over a given year to reduce data loss. We protect your data as outlined in our DPA.
SSL encryption for data in motion
All transfers involving your mail data are encrypted with high level SSL encryption, which blocks unauthorized users from intercepting information in flight.
Hashed passwords
No one, not even VPM, will know your password. This is because it’s not stored in cleartext, but hashed and stored using SHA-256 and higher algorithms.
Bank level encryption for billing
Your payment data is encrypted and stored in PCI Compliant systems ensuring no one gains access to your credit card information.
Keep mail private
Occasionally you may receive sensitive mail that is for your eyes only. In this situation, you can request that your mail not be opened or scanned, and instead, have it shipped to directly to you. You decide the best way to handle your mail.
Top grade surveillance
Sleep well knowing that every VPM location has high resolution security cameras, alarms, and door access control systems to guard your mail from unwanted visitors. All mail processing is monitored for additional safety.
Third party data use
Under VPM’s privacy policy, your personal information is not shared with unauthorized third parties. Your data is not sold, rented, or provided to outside parties and your information is only used with third party partners (CRM, AWS, and email systems) to provide the services VPM offers.