We're happy to provide compliance documentation, answer security questionnaires, and support your vendor assessment process — tell us what your review needs.
Contact our security team →
Security and compliance,
built in
We take security seriously across our products, services, and internal operations. Here is our current posture — stated honestly, including what's still in progress.
What's certified, in progress, and planned
The honest version a security review expects. We do not upgrade a status until it's true.
| Standard | Scope | Status |
|---|---|---|
| GDPR | All data processing aligned with EU GDPR. Data stays in EU regions. | Compliant |
| CIS Benchmarks | Kubernetes clusters hardened to CIS Benchmark Level 2 standards. | Compliant |
| SOC 2 Type II | Security, availability, and confidentiality controls under independent audit. | In Progress |
| ISO 27001 | Information security management system certification. | Planned |
The posture behind the certificates
A certificate list is the headline. What reassures a reviewer is how we run things day to day — where data lives, how clusters are hardened, and the controls on our own operations.
- 01
-
EU data residency
Customer data stays in EU regions by default — no transatlantic surprises.
- 02
-
Hardened clusters
CIS Benchmark Level 2 baselines, policy-as-code enforcement, least-privilege RBAC.
- 03
-
Internal controls
Access reviews, secrets management, and audit logging across our own operations.
- 04
-
Secure delivery
Encrypted in transit and at rest; change control and review on every production path.
Documentation & questionnaires
Need our compliance documentation?
We support security questionnaires and vendor assessments — tell us what you need.