The receipts your security team wants.
SOC 2 Type II in audit, GDPR + CCPA, ISO-aligned, AWS eu-west-2 hosting, SSO. Everything procurement and security need in one place, current controls + sub-processors downloadable under NDA in minutes, not weeks.
Compliance + certifications
Audited annually by an independent third party. Reports available under NDA.
SOC 2 Type II
In audit. Target Q3 2026. Current controls + sub-processors available under NDA.
GDPR + CCPA
Data hosted in AWS eu-west-2 (London). DPA signed by default.
ISO 27001 aligned
ISMS controls modelled on ISO 27001:2022. Certification on roadmap H2.
PCI-aware
No card data ever touches our systems, handled by Stripe + your gateway.
HIPAA-ready (BAA)
BAA available for healthcare brands on Enterprise plans.
Cyber Essentials
UK Cyber Essentials on the certification roadmap for our public-sector customers.
Platform security
How we keep your data safe in transit, at rest and at the seams.
SSO + SCIM
SAML 2.0 + OpenID Connect. SCIM 2.0 user provisioning. MFA enforced for all admin roles.
Encryption everywhere
TLS 1.3 in transit, AES-256 at rest. Per-tenant KMS keys on Enterprise.
AWS eu-west-2 (London)
Single-region hosting in eu-west-2 today. Additional regions (US, AP) available on request for Enterprise.
Audit logs + exports
Tamper-evident log of every admin action. CSV export and SIEM stream (Splunk, Datadog).
Continuous scanning
SAST, dependency scanning and container CVE scanning on every commit. Pen-tested quarterly.
Incident response
Severity-1 acknowledgement under 1 hour during business hours. Written post-mortem to impacted customers within 5 business days.
Procurement-ready
Documents your legal + finance teams want before a kickoff.
Master Service Agreement
Standard MSA with redline-friendly clauses for global enterprises.
RequestData Processing Addendum
GDPR + UK GDPR + CCPA compliant DPA, with EU SCCs and UK IDTA.
RequestSub-processors list
Live list at /trust/subprocessors with 30-day change notification email.
RequestService Level Agreement
99.95% uptime SLA on Enterprise. Service credits codified.
RequestVendor security questionnaire
CAIQ + SIG-Lite + custom questionnaires pre-filled. Average turn-around: 48 hours.
RequestInsurance
$10M cyber liability + $5M E&O. Certificates on request.
Request
Found a security issue? Tell us first.
We run a private bug bounty on HackerOne and a public coordinated disclosure process. We acknowledge every report within 24 hours and pay bounties for valid findings.
- 24-hour first response
- Bounties up to $10,000 for critical findings
- Public hall-of-fame for researchers
Security review
Need our SOC 2 report or DPA?
Available under NDA in minutes. Plus a fully-prefilled vendor security questionnaire (CAIQ + SIG-Lite).
- No credit card
- Cancel anytime
- SOC 2 + GDPR
