Trust Center

Security, compliance, and transparency are at the core of everything we do. Learn how we protect your data and maintain the highest standards.

Compliance Certifications

βœ“

SOC 2 Type I

In Progress

Expected: May 2026

⏳

SOC 2 Type II

Observation Window

Started: April 2026

πŸ‡ͺπŸ‡Ί

GDPR

Compliant

DPA Available

πŸ‡ΊπŸ‡Έ

CCPA

Compliant

Privacy Policy Updated

Security Posture

πŸ” Encryption

  • β€’ TLS 1.3 on all public endpoints
  • β€’ AES-256 encryption at rest
  • β€’ GCP KMS for key management
  • β€’ 90-day key rotation

πŸ›‘οΈ Access Control

  • β€’ SSO via Google Workspace/Okta
  • β€’ MFA required for all employees
  • β€’ Quarterly access reviews
  • β€’ RBAC per workspace

πŸ“‹ Compliance

  • β€’ 12 security policies documented
  • β€’ Vanta integration for continuous monitoring
  • β€’ Annual third-party audits
  • β€’ 7-year audit log retention

πŸ”„ Availability

  • β€’ 99.9% SLA (enterprise)
  • β€’ PITR with 35-day retention
  • β€’ Weekly backups to isolated project
  • β€’ Monthly restore drills

Audit Reports

SOC 2 audit reports are available under NDA. To request access:

  1. Sign our NDA via HelloSign
  2. Receive time-limited signed URL
  3. Download report (valid for 48 hours)
Request NDA

Security FAQ

Where is my data stored?

Customer data is stored in GCP us-central1 (Iowa) by default. Enterprise customers can specify alternative regions.

Who has access to my data?

Access is restricted to authorized personnel with documented need-to-know. All access is logged and audited. SSO + MFA required for all employees.

What happens if there's a data breach?

We notify affected customers within 72 hours per GDPR requirements. Incident response procedures include containment, investigation, and remediation.

Can I delete my data?

Yes, you can request a full data export or permanent deletion via the API or dashboard. Deletion certificates are provided within our 30-day SLA.

Is my data encrypted?

Yes, all data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database encryption uses Cloud SQL CMEK.

Do you use sub-processors?

Yes, we use sub-processors for infrastructure, payments, and AI services. See our sub-processor list for details. We notify customers 30 days in advance of any changes.

Questions?

Contact our security team for any security-related inquiries.

security@blazecrawl.dev