Skip to content

Compliance

The standards we hold ourselves to.

Compliance is a posture, not a checkbox. Here's where we are today and where we're going. For audit evidence, security questionnaires, or the full compliance brief, contact [email protected].

  • SOC 2 Type II

    In progress, target H2 2026

    We follow the SOC 2 control framework internally today. Type II attestation lands later this year.

  • GDPR

    Compliant by design

    EU representative in place. Pre-signed DPA with SCCs Module 2. Public sub-processor list. Optional EU-only data residency.

  • CCPA

    Compliant by design

    Rights to know, delete, opt out, and non-discrimination — California residents have the standard set.

  • EU Cyber Resilience Act (CRA)

    Reporting-ready ahead of September 2026 deadline

    Vulnerability disclosure, mandatory patching cadence, and CRA-aligned reporting are part of our security program.

Data sovereignty options

For enterprises with specific data residency requirements not covered by our standard regions, we offer on-premise installation, deployment on your existing infrastructure, or a dedicated region we provision for you. Contact our enterprise team to discuss your requirements.

Detailed compliance brief and third-party audit evidence are available to enterprise prospects under NDA. Contact [email protected].