SOC 2 Type II Compliant

SOC 2 Compliant
Infrastructure

Built on Trust Services Criteria for enterprise-grade security. Our infrastructure and technology stack align with SOC 2 Type II controls to protect your data.

Request Compliance DocsContact Our Team
Understanding SOC 2

The Gold Standard for Service Organization Controls

SOC 2 (Service Organization Control 2) is a framework developed by the AICPA for managing customer data based on five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Our Type II alignment means we continuously follow these controls over time, not just at a single point. This ongoing commitment ensures your data is protected by consistent, rigorous security practices.

Trust Services Criteria

Security
Protecting against unauthorized access
Availability
Ensuring system uptime and reliability
Processing Integrity
Accurate and authorized data processing
Confidentiality
Restricting data access appropriately
Privacy
Proper handling of personal information
Our Approach

How We Align with SOC 2 Controls

Our infrastructure and processes are built around the five Trust Services Criteria, ensuring comprehensive protection for your data.

Security

Protecting against unauthorized access

  • Access control management
  • Encryption at rest and in transit
  • Intrusion detection systems

Availability

Ensuring system uptime and reliability

  • 99.9% uptime commitment
  • Redundant infrastructure
  • Disaster recovery planning

Processing Integrity

Accurate and authorized data processing

  • Data validation checks
  • Comprehensive audit logging
  • Error handling procedures

Confidentiality

Restricting data access appropriately

  • Role-based access control
  • Data classification policies
  • Secure data disposal

Privacy

Proper handling of personal information

  • Privacy policy enforcement
  • Consent management
  • Data subject rights support
Certified Infrastructure

Built on Certified Cloud Partners

We host on our own Hetzner VPS infrastructure in Virginia, with redundancy in Oregon and Germany.

Hetzner VPS

Virginia + redundancy in Oregon and Germany

Cloudflare

SOC 2 Type II Certified

PostgreSQL Cloud

SOC 2 Compliant

Important Distinction

Our cloud infrastructure providers maintain their own SOC 2 certifications. Senova CRM aligns with SOC 2 controls and can provide compliance documentation upon request for enterprise clients.

For Enterprise Clients

Compliance Documentation on Request

We understand enterprise clients have rigorous compliance requirements. Our team can compile and provide detailed documentation of our security practices, policies, and controls upon request.

  • Security policies and procedures
  • Access control documentation
  • Incident response plans
  • Business continuity plans
  • Vendor management policies
  • Data handling procedures
  • System architecture overview

Request Documentation

Contact our compliance team to request detailed security documentation for your review.

Request Documentation

Ready to Discuss Compliance?

Our team can answer questions about our security practices and provide the documentation you need for your compliance reviews.

Schedule a CallEmail Compliance Team
8 The Green #21994, Dover, DE 19901
[email protected]

Related Documents

SecurityRegulated Data AddendumPrivacy PolicyTerms of Service