SOC 2 Type II
Continuous monitoring across security, availability and confidentiality. Annual third-party audit.
Frameworks we maintain in production.
ISO 27001
Information security management system certified across global operations.
GDPR & UK-GDPR
Privacy program led by external DPO; standard contractual clauses for international transfers.
CCPA / CPRA
California consumer privacy compliance across our marketing, billing and customer surfaces.
PCI DSS (SAQ A)
Card data handled by tokenized Stripe processors only — we never see PANs.
Pen tests & bug bounty
Annual external pen tests and a continuous private bug-bounty program.
Production numbers, on the public record.
99.99%
Trailing 12-month detection-pipeline availability
<5m
Median incident-detection time across production surfaces
0
Customer-impacting security incidents in trailing 24 months
Need a security questionnaire or audit report?
Email [email protected] or download our latest SOC 2 letter from the customer portal.