Idukki
Trust center

The receipts your security team wants.

SOC 2 Type II in audit, GDPR + CCPA, ISO-aligned, AWS eu-west-2 hosting, SSO. Everything procurement and security need in one place: current controls + sub-processors downloadable under NDA in minutes, not weeks.

Compliance + certifications

Audited annually by an independent third party. Reports available under NDA.

  • SOC 2 Type II

    In audit. Target Q3 2026. Current controls + sub-processors available under NDA.

  • GDPR + CCPA

    Data hosted in AWS eu-west-2 (London). DPA signed by default.

  • ISO 27001 aligned

    ISMS controls modelled on ISO 27001:2022. Certification on roadmap H2.

  • PCI-aware

    No card data ever touches our systems; it is handled by Stripe + your gateway.

  • HIPAA-ready (BAA)

    BAA available for healthcare brands on Enterprise plans.

  • Cyber Essentials

    UK Cyber Essentials on the certification roadmap for our public-sector customers.

Platform security

How we keep your data safe in transit, at rest and at the seams.

  • SSO + SCIM

    SAML 2.0 + OpenID Connect. SCIM 2.0 user provisioning. MFA enforced for all admin roles.

  • Encryption everywhere

    TLS 1.3 in transit, AES-256 at rest. Per-tenant KMS keys on Enterprise.

  • AWS eu-west-2 (London)

    Single-region hosting in eu-west-2 today. Additional regions (US, AP) available on request for Enterprise.

  • Audit logs + exports

    Tamper-evident log of every admin action. CSV export and SIEM stream (Splunk, Datadog).

  • Continuous scanning

    SAST, dependency scanning and container CVE scanning on every commit. Pen-tested quarterly.

  • Incident response

    Severity-1 acknowledgement under 1 hour during business hours. Written post-mortem to impacted customers within 5 business days.

Procurement-ready

Documents your legal + finance teams want before a kickoff.

  • Master Service Agreement

    Standard MSA with redline-friendly clauses for global enterprises.

  • Data Processing Addendum

    GDPR + UK GDPR + CCPA compliant DPA, with EU SCCs and UK IDTA.

  • Sub-processors list

    Live list at /trust/subprocessors with 30-day change notification email.

  • Service Level Agreement

    99.95% uptime SLA on Enterprise. Service credits codified.

  • Vendor security questionnaire

    CAIQ + SIG-Lite + custom questionnaires pre-filled. Average turn-around: 48 hours.

  • Insurance

    $10M cyber liability + $5M E&O. Certificates on request.

Vulnerability disclosure

Found a security issue? Tell us first.

We run a private bug bounty on HackerOne and a public coordinated disclosure process. We acknowledge every report within 24 hours and pay bounties for valid findings.

  • 24-hour first response
  • Bounties up to $10,000 for critical findings
  • Public hall-of-fame for researchers

Security review

Need our SOC 2 report or DPA?

Available under NDA in minutes. Plus a fully-prefilled vendor security questionnaire (CAIQ + SIG-Lite).
