Is Vercel safe?
Platform safety report on Vercel — comprehensive audit of what the platform protects, what it leaves to you, and how apps deployed on Vercel fail in production. Vercel's platform security is excellent. The security questions are about what you deploy on it.
Vercel is safe. It ships with HTTPS, HSTS, platform-level protections. Your app's security is your own.
How it fails in production
Environment variables leaked client-side
Any NEXT_PUBLIC_ variable ships to the browser.
Access tokens leaked
A Vercel access token grants deploy + env-read access. See /leak/vercel-access-token.
Preview environments pointing at production data
Preview deploys with prod DB urls expose data to any PR reviewer.
How to ship safely on Vercel
- Review env var prefixes — secrets never NEXT_PUBLIC_
- Rotate Vercel access tokens on team departure
- Preview deploys use preview-database URLs, not prod
- Install Securie's Vercel Integration
Securie integrates natively with Vercel. Pre-deploy scanning + access-token detection + preview-env audit all first-class.
Verdict
Vercel is safe. Your Vercel deployments are safe to the extent you scan them.