Security & Trust
Last updated: June 2026
How we protect customer data — and model the standards we help our customers meet.
1. Our approach
We sell compliance, so we hold this site and our product to the standards we help customers meet. Security is built on best practices — role-based access, audit trails, document sign-off and encryption — and on transparency: an open-source core you can inspect.
2. Application security (this site)
- HTTPS everywhere, with HSTS and automatic HTTP→HTTPS upgrade.
- A strict, nonce-based Content Security Policy on every response.
- Hardened headers: X-Content-Type-Options, X-Frame-Options, Referrer-Policy and Permissions-Policy.
- No third-party trackers, ad pixels, or client-side secrets.
- Contact-form input is validated server-side with spam and rate-limit protection.
3. Data protection & encryption
Data is encrypted in transit using TLS. For the product, data is encrypted at rest and access is scoped to least privilege. {{ENCRYPTION_SPECIFICS}}
4. Access controls
Role-based access control, audit logging and documented approval workflows protect sensitive data and provide an evidenced trail. {{ACCESS_CONTROL_SPECIFICS}}
5. Infrastructure & hosting
Hosted on secure, managed cloud infrastructure with encryption in transit and at rest and least-privilege access. Private cloud hosting and data-residency options are available for enterprise customers. {{HOSTING_SPECIFICS}}
6. Open source & data sovereignty
Our open-source core means no black box — you can review exactly how data is handled, and export your data at any time.
7. Compliance status
SOC2Start is committed to strong security practices and is working toward its own formal certifications. We do not currently claim to hold a SOC 2 (or other) certification. This page will be updated with any certification status once independently verified. {{CERTIFICATION_STATUS}}
8. Responsible disclosure
Found a vulnerability? We appreciate responsible disclosure. Please email security@soc2start.io with details and steps to reproduce. {{DISCLOSURE_POLICY}}
9. Contact
Security questions or documentation requests? Email security@soc2start.io or visit our trust center.
Get audit-ready. Stay in control.
Start free, then pay per framework as you grow. Transparent pricing that doesn't punish you for being early.