Security and compliance, built in.
New Venue Data sits between Florida's public-records systems and the teams that build on them. We treat both your account data and the entire ingestion pipeline with bank-grade rigor — encrypted end to end, least-privilege by default, and continuously monitored.
Below is exactly how we protect your data, secure the API, and approach the regulatory frameworks our customers care about.
Defense in depth, end to end
Every layer — from the network edge to the database to your API keys — is designed to fail safe.
Encryption everywhere
All traffic to our API and dashboard is encrypted in transit with TLS 1.3 (HSTS enforced, modern ciphers only). Data at rest is encrypted with AES-256, including primary stores, backups, and exports.
Hardened infrastructure
New Venue Data runs on a SOC 2-compliant cloud provider with isolated production environments, private networking, and no direct public access to data stores. Production is fully separated from staging and development.
Access controls
Internal access follows least-privilege and is gated behind SSO with mandatory MFA. Enterprise customers get SSO/SAML, scoped roles, and tamper-evident audit logging across every action in their workspace.
API security
Authenticate with scoped, revocable API keys and rotate them with zero downtime. Webhooks are HMAC-signed so you can verify every payload, and per-key rate limiting protects against abuse and runaway integrations.
Responsible data handling
We process business-entity public records only — no consumer PII, no SSNs, no credit data. Florida DBPR sources are refreshed daily and retained only as long as needed to power your feeds and historical lookups.
Reliability built in
Pro and Enterprise plans carry a 99.9% uptime SLA backed by health checks, automated daily backups with point-in-time recovery, and continuous monitoring with on-call alerting.
Frameworks we align to
We hold ourselves to the standards our customers are audited against — and we're transparent about where each one stands.
SOC 2 Type II
Controls audit covering security, availability, and confidentiality.
GDPR-aware practices
Data-minimization, processing records, and DPA available for EU-facing customers.
CCPA
Aligned with California privacy requirements for business contacts and data subject requests.
FCRA-safe by design
Business-entity public records only. We are not a consumer reporting agency under the FCRA.
Need our SOC 2 report-in-progress, penetration test summary, or a signed DPA? Enterprise customers can request our full security package under NDA from their account team.
Responsible disclosure
Security is a shared effort. If you believe you've found a vulnerability in our API, dashboard, or infrastructure, we want to hear from you. Email us a detailed report and we'll acknowledge it within one business day, keep you updated as we investigate, and credit researchers who follow good-faith disclosure.
security@newvenuedata.comStart monitoring Florida in minutes.
No contracts. Cancel any time. County plan from $149/month.