SOC 2 Type II (Readiness)
Truthlocks operates in accordance with AICPA SOC 2 (Security) Trust Service Criteria. Our internal controls cover access, change management, incident response, and risk assessment.
- Monitoring: Continuous control monitoring of our AWS environment.
- Penetration Tests: Annual third-party assessments.
GDPR & Data Sovereignty
We are fully compliant with GDPR requirements for data processors.
- Data Residency: Tenants can pin their data to the EU (Dublin) region.
- DPA: A Data Processing Agreement is available for all Enterprise customers.
- Right to Erasure: Automated workflows to delete user data upon request.
Other Standards
- CCPA: Compliant for California residents.
- OAuth 2.0 / OIDC: Standard adherence for secure identity federation.

