Trust & compliance posture
socbox.cloud is built by security operators. Everything below is what we’d want a vendor we’re evaluating to tell us — clearly, in one place, without a “contact sales” gate.
Compliance status
- SOC 2 Type II: audit in progress. Estimated bridge letter Q3 2026.
- ISO 27001: planned, kicked off post-GA.
- GDPR: compliant. EU representative listed in our Privacy Policy.
- HIPAA: not in scope today.
- FedRAMP: not in scope today.
Security commitments
- Strong encryption in transit and at rest.
- Authenticated, mutually-encrypted communication between internal services; default-deny network isolation.
- Signed, verified build artifacts.
- Audit logs planned to be retained 13 months on paid plans (coming soon).
- Annual third-party penetration test.
- Vulnerability disclosure: email security@socbox.cloud with a public PGP key. Bug bounty coming at GA.
Incident response
Any security incident affecting your data triggers a written notification to your account email within 24 hours of confirmation. Status updates land on our public status page (coming soon) until the incident is closed; a post-mortem ships within 14 days.
Asks before signing
Need a counter-signed DPA, a custom SCC, or a vendor-security questionnaire? Email legal@socbox.cloud with your timeline and we’ll turn it around in <2 business days.