Compliance
2Independently audited and continuously evidenced against the standards our customers rely on.
GDPR
General Data Protection Regulation (GDPR)
- Valid through
- Jun 23, 2027
ISO 27001
ISO/IEC 27001:2022
- Valid through
- Jun 23, 2027
- Certificate
- 221225-3
Controls
146The safeguards we operate across our organization, technology, people, and facilities.
Inventory Labels
Asset ManagementOrganization assets are labeled and have designated owners.
Media Marking
Asset ManagementWhere applicable, Organization marks information system media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information. Exemptions must be approved by management and remain in a specific controlled area.
Asset Transportation Authorization
Asset ManagementOrganization authorizes and records the entry and exit of systems at datacenter locations.
Maintenance of Assets
Asset ManagementEquipment maintenance is documented and approved according to management requirements.
Continuity Testing
Business ContinuityOrganization performs business contingency and disaster recovery tests on a periodic basis and ensures the following: • tests are executed with relevant contingency teams • test results are documented • corrective actions are taken for exceptions noted • plans are updated based on results
Business Impact Analysis
Business ContinuityOrganization identifies the business impact of relevant threats to assets, infrastructure, and resources that support critical business functions. Recovery objectives are established for critical business functions.
Capacity Forecasting
Business ContinuityBudgets for infrastructure capacity are established based on analysis of historical business activity and growth projections; purchases are made against the established budget and plans are updated on a quarterly basis.
Backup Configuration
Backup ManagementOrganization configures redundant systems or performs periodic backups of data to resume system operations in the event of a system failure.
Resources
28Policies, documentation, and reports that govern how we protect customer data.
Legal, Regulatory & Contractual Compliance Register
Version 2026.2 · Reviewed Jan 15, 2026 · yearly
Security Assurance & Performance Standard
Version 2026.1 · Reviewed May 17, 2026 · yearly
Data Breach Response & Continuity Plan
Version 2026.1 · Reviewed May 17, 2026 · yearly
Technical Security Controls & Roles
Version 2026.1 · Reviewed May 17, 2026 · yearly
Third-Party Management & Data Transfer Policy
Version 2026.1 · Reviewed Jan 27, 2026 · yearly
DPIA & Risk Management Methodology
Version 2026.1 · Reviewed Jan 27, 2026 · yearly
Data Retention & Disposal Policy
Version 2026.1 · Reviewed Jan 27, 2026 · yearly
Data Subject Rights (DSAR) Procedure
Version 2026.1 · Reviewed Jan 27, 2026 · yearly
Subprocessors
7Third-party providers that process customer data on our behalf, and where they operate.
Resend
Software as a ServiceEmail sending platform
Clerk
Software as a ServiceAccount platform
OpenAI
Software as a ServiceAI platform and language model provider
Vercel
cloudFrontend cloud platform
Sentry
Software as a ServiceError monitoring and performance platform
Google Cloud Platform
OtherA suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products.
Stripe
OtherAn online payment processing platform for internet businesses.
Questions about our security?
We're glad to help your security and procurement teams move quickly.