Skip to content

Security & Trust

Last updated: June 2026

How we protect customer data — and model the standards we help our customers meet.

1. Our approach

We sell compliance, so we hold this site and our product to the standards we help customers meet. Security is built on best practices — role-based access, audit trails, document sign-off and encryption — and on transparency: an open-source core you can inspect.

2. Application security (this site)

  • HTTPS everywhere, with HSTS and automatic HTTP→HTTPS upgrade.
  • A strict, nonce-based Content Security Policy on every response.
  • Hardened headers: X-Content-Type-Options, X-Frame-Options, Referrer-Policy and Permissions-Policy.
  • No third-party trackers, ad pixels, or client-side secrets.
  • Contact-form input is validated server-side with spam and rate-limit protection.

3. Data protection & encryption

Data is encrypted in transit using TLS. For the product, data is encrypted at rest and access is scoped to least privilege. {{ENCRYPTION_SPECIFICS}}

4. Access controls

Role-based access control, audit logging and documented approval workflows protect sensitive data and provide an evidenced trail. {{ACCESS_CONTROL_SPECIFICS}}

5. Infrastructure & hosting

Hosted on secure, managed cloud infrastructure with encryption in transit and at rest and least-privilege access. Private cloud hosting and data-residency options are available for enterprise customers. {{HOSTING_SPECIFICS}}

6. Open source & data sovereignty

Our open-source core means no black box — you can review exactly how data is handled, and export your data at any time.

7. Compliance status

SOC2Start is committed to strong security practices and is working toward its own formal certifications. We do not currently claim to hold a SOC 2 (or other) certification. This page will be updated with any certification status once independently verified. {{CERTIFICATION_STATUS}}

8. Responsible disclosure

Found a vulnerability? We appreciate responsible disclosure. Please email security@soc2start.io with details and steps to reproduce. {{DISCLOSURE_POLICY}}

9. Contact

Security questions or documentation requests? Email security@soc2start.io or visit our trust center.

Get audit-ready. Stay in control.

Start free, then pay per framework as you grow. Transparent pricing that doesn't punish you for being early.

Security & Trust · SOC2Start.io