Security & Compliance

Building trust through transparency and rigorous security standards

Our Path to Certification

We're actively pursuing industry-leading certifications including SOC 2, ISO 27001, GDPR compliance, and HIPAA readiness. While we're not yet certified, we're committed to building with compliance in mind from day one.

Our transparent approach means you can track our real-time progress as we work toward these important milestones.

We're committed to transparency, regular audits, continuous monitoring, and implementing security best practices at every level.

Transparency

Real-time progress tracking and open communication

Regular Audits

Third-party security assessments and reviews

Continuous Monitoring

24/7 security monitoring and threat detection

Best Practices

Industry-leading security standards and protocols

SOC 2 Type I & II

Expected: Q4 2025

SOC 2 is an auditing procedure that ensures service providers securely manage data to protect the interests and privacy of their clients. Type I validates security at a point in time, while Type II evaluates security over a period.

Overall Progress: 25%

Gap Analysis

Completed

Assess current security controls against SOC 2 requirements

Completed: 2025-06-15

Policy Development

Completed

Develop and document information security policies and procedures

Completed: 2025-07-20

Technical Controls Implementation

In Progress

Implement required technical security controls and safeguards

Started: 2025-08-01

Risk Assessment

Pending

Conduct comprehensive risk assessment and mitigation planning

Employee Training

Pending

Train employees on security policies and procedures

Vendor Management

Pending

Establish vendor management program and review third-party security

Readiness Assessment

Pending

Conduct internal readiness assessment before formal audit

Type I Audit

Pending

Complete SOC 2 Type I audit (point-in-time assessment)

Type II Observation Period

Pending

Maintain controls over 6-12 month observation period

Type II Audit

Pending

Complete SOC 2 Type II audit (period-based assessment)

Current Security Practices

While we work toward certification, we maintain robust security practices to protect your data

End-to-End Encryption

All files are encrypted before upload and remain encrypted during processing. Your data is protected at rest and in transit.

Access Control

Role-based access control (RBAC) and multi-factor authentication (MFA) for all user accounts.

Comprehensive Audit Logging

Detailed logging of all system activities and access for security monitoring and compliance tracking.

Data Retention Policies

Clear data retention and deletion policies. All backend processing data is automatically deleted immediately after use.

Incident Response

Documented incident response procedures and breach notification processes to handle any security events.

Vendor Management

Thorough security review of all third-party vendors and service providers we work with.

Contact Our Security Team

Have security questions or concerns? Our security team is here to help. For responsible disclosure of security vulnerabilities, please contact us directly.