Skip to content

Privacy Policy

Last updated: June 2026

Your privacy matters. This policy covers the SOC2Start.io marketing site.

This is a template. Sections marked {{LIKE_THIS}} and the policy as a whole must be reviewed and completed by legal counsel before launch.

1. Overview

This Privacy Policy explains how SOC2Start.io, operated by soc2start LLC (“we”, “us”), handles personal data collected through this marketing website at soc2start.io. It does not cover the SOC2Start product application, which is governed separately.

We collect the minimum necessary data, never sell it, and run no advertising or cross-site ad tracking on this site.

2. Information we collect

Contact form. When you submit the contact form we collect your name, work email, optional company and message, and your inquiry type. These are used only to respond to you.

Technical data. Our hosting provider processes standard request metadata (e.g. IP address) to deliver and secure the site and to rate-limit the contact form. We do not store this for marketing.

Analytics cookies. Google Analytics is loaded in consent mode with analytics storage denied by default; its first-party (_ga) cookie is set only after you accept analytics cookies in our consent banner. We also store a small s2s_consent cookie to remember your choice and, once you accept, a first-party s2s_session cookie recording your first and last visit and a visit count (kept in your browser, never sent to a server). We honour Global Privacy Control signals as a decline, and use no advertising or cross-site trackers.

3. How we use information

  • To respond to your enquiries and demo requests.
  • To operate, secure and improve this website.
  • To prevent spam and abuse of the contact form.

4. Analytics & cookies

We use Vercel Web Analytics and Speed Insights — privacy-respecting, aggregate, and free of cross-site cookies. We also use Google Analytics 4 (gtag.js), which runs in Google Consent Mode with analytics storage denied by default: its first-party _ga cookie is set only after you accept analytics cookies in our consent banner, and we honour Global Privacy Control signals as a decline. You can change your choice at any time by clearing the s2s_consent cookie. GA is subject to Google's privacy policy; we run no advertising pixels and never sell your data.

Cookies this site may set

  • _ga / _ga_* — Google Analytics; distinguishes visitors for aggregate usage statistics. Set only after you accept analytics cookies. Expires up to 2 years.
  • s2s_consent — remembers your cookie choice so we don't ask again. Expires after 1 year.
  • s2s_session — records your first and last visit and a visit count, stored in your browser only. Set only after you accept analytics cookies. Expires after 1 year.
  • _GRECAPTCHA — set by Google reCAPTCHA on the contact page for spam and bot protection (a security cookie). Expires after about 6 months.

6. Data sharing & subprocessors

We do not sell personal data. We share data only with the service providers needed to run the site:

  • Vercel — hosting and privacy-respecting analytics.
  • Resend — delivery of contact-form emails to our team.
  • Google reCAPTCHA — bot and spam protection on the contact form (subject to Google's privacy policy and terms).
  • Google Analytics — aggregate, privacy-respecting website-usage analytics (subject to Google's privacy policy).
  • Amazon Web Services (AWS) — cloud infrastructure underlying our hosting.

7. Data retention

We keep contact-form correspondence only as long as needed to handle your enquiry and for reasonable follow-up, then delete it.

8. International transfers & DPA

Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses. A Data Processing Addendum (DPA) is available on request for product customers.

9. Security

We apply industry-standard safeguards to protect personal data, including transport encryption (HTTPS), a strict content security policy, and least access. See our Security page.

10. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the “last updated” date above.

11. Contact

Questions about privacy? Email compliance@soc2start.io or use our contact form.

Get audit-ready. Stay in control.

Start free, then pay per framework as you grow. Transparent pricing that doesn't punish you for being early.

Privacy Policy · SOC2Start.io