SOC 2 Compliance
HumanAttest is actively pursuing SOC 2 Type II certification. This page outlines our current security controls and compliance posture.
Trust Service Criteria
Security
Access controls, encryption at rest (AES-256), TLS 1.3 in transit, MFA for all engineers, regular penetration testing.
Availability
99.9% uptime SLA, redundant infrastructure, automated failover, incident response procedures.
Confidentiality
Zero email content storage, data minimization by design, strict access controls, NDA for all staff.
Privacy
GDPR and CCPA compliant, data subject rights portal, privacy-by-design architecture, no data selling.
Processing Integrity
Cryptographic audit trail for all verification events, immutable logs, hash verification for recipients.
Current Security Controls
AES-256 Encryption
All data encrypted at rest.
TLS 1.3
All data encrypted in transit.
MFA Required
All engineer accounts require hardware MFA.
Pen Testing
Quarterly third-party penetration tests.
Access Logs
All database access is logged and audited.
Incident Response
24-hour incident response SLA.
Request Security Documentation
Enterprise customers can request our current security documentation, penetration test summaries, and compliance evidence package by contacting our security team.
Contact Security Team
For the full technical security overview, see the Security Whitepaper. For privacy details, see the Privacy Policy.