Security & Compliance

Compliance is our product.
Trust is how we prove it.

We help cloud teams reach SOC 2, ISO 27001, and HIPAA. We hold our own infrastructure to the same bar — in the open, with evidence you can request today instead of waiting on a sales call.

Currently certified & assessed

Our core compliance posture.

ISO 27001

Certified

Certificate available

SOC 2 Type II

Attested

Report available

VAPT

Pentested

Summary available

DPA

Compliant

DPA available

How we protect the platform

The controls behind the certifications

A summary view. Full control detail lives in the SOC 2 report and ISO 27001 Statement of Applicability — both available in the document request center below.

Encryption

Data Protection

Data encrypted in transit with TLS 1.2+ and at rest with AES-256. Keys are managed and rotated through AWS KMS.

Access control

IAM Policies

Least-privilege roles, mandatory MFA, and SAML SSO. Every access change is logged and reviewed quarterly.

Infrastructure

Cloud Security

Hosted on AWS across multiple availability zones. We scan customer clouds through read-only, agentless roles — never write access.

Document request center

Request the evidence

Some reports are gated by mutual NDA, since they describe control detail we only share with prospective and current customers.

  • SOC 2 Type II report
    Issued by independent CPA firm
    NDA required
  • ISO/IEC 27001:2022 certificate
    Issued Mar 2026
    NDA required
  • Penetration test summary
    Annual external assessment, executive summary
    NDA required
  • Subprocessor list
    Always current — see below on this page
    Public
  • Information security policy summary
    Control overview
    Public
Subprocessors & data flow

Every third party that touches your data

And exactly what each one is allowed to see. We add a subprocessor here before it ever touches production data, not after.

SubprocessorPurposeRegionData categoriesStatus
Amazon Web ServicesINFRASTRUCTURE Primary hosting, compute, and storage US (us-east-1, us-west-2) Account metadata, scan results, encrypted backups Active
SlackCOMMUNICATIONS Customer-configured alert delivery US Workspace webhook URL, alert text Active
StripePAYMENTS Payment processing and subscription management Global Billing details, email address Active
HubSpotCOMMUNICATIONS Customer relationship management (CRM) US Contact information, company details Active
GoogleINFRASTRUCTURE Workspace email and internal analytics Global Internal communications, telemetry Active
CloudflareINFRASTRUCTURE Content delivery network (CDN) and WAF Global IP addresses, traffic logs Active

Why Transparency Matters

Security is no longer just a technical requirement; it is the foundation of customer trust. Modern organizations require clear, verifiable evidence that their vendors take data protection seriously. By centralizing our compliance artifacts, penetration testing summaries, and security policies, we remove the friction from vendor risk assessments.

We believe that transparency accelerates business. Providing on-demand access to our security posture allows your procurement and security teams to validate our controls quickly and confidently, ensuring a secure and compliant partnership from day one.