We adhere to strict global standards to ensure our platform is verifiable and trustworthy.
SOC 2 Type II (Aligned)
Truthlocks operates in alignment with AICPA SOC 2 (Security) Trust Service Criteria. Our internal controls cover access, change management, incident response, and risk assessment.
- Monitoring: Continuous control monitoring of our AWS environment.
- Penetration Tests: Annual third-party assessments.
- Backup Retention: Production database backups are retained for 30 days, providing a point-in-time recovery window that aligns with SOC 2 expectations for data backup controls. Your data is automatically covered by this retention policy — no action is required on your part.
GDPR & data sovereignty
We are fully compliant with GDPR requirements for data processors.
- Data Residency: Tenants can pin their data to a specific geographic region (US, EU, or AF). See data residency for supported regions, enforcement details, and how to configure your region.
- DPA: A Data Processing Agreement is available for all Enterprise customers.
- Right to Erasure: Automated workflows to delete user data upon request.
Other Standards
- CCPA: Compliant for California residents.
- OAuth 2.0 / OIDC: Standard adherence for secure identity federation.

