Security you can verify.
Not just claim.
Encryption, access controls, audit logs, and transparent subprocessor list. Everything your security team needs to review.
Built secure from day one.
Encryption at rest and in transit
All data encrypted using AES-256. TLS 1.3 for all connections. Keys managed via AWS KMS with automatic rotation.
SOC 2 Type II
Audit in progress. Expected completion Q3 2026. Current controls meet SOC 2 requirements; formal report pending.
Access controls and audit logging
Role-based access control (RBAC) for all accounts. Every action logged with actor, timestamp, IP, and resource.
Infrastructure security
Hosted on AWS in US-EAST-1. Isolated VPCs, private subnets, security groups. Regular penetration testing.
Data retention and deletion
Soft delete (30 days), hard delete (90 days). Customer data removed within 30 days of account closure. Audit logs retained 1 year.
Compliance frameworks
GDPR-compliant data processing. CCPA data subject rights honored. DPA available for enterprise customers.
Where your data goes.
No surprises.
Material changes to this list are communicated to active customers at least 30 days before taking effect. Last updated: May 2026.
On SOC 2 and certifications
Growth Terminal is currently undergoing SOC 2 Type II audit. Expected completion: Q3 2026.
We built the system to SOC 2 requirements from day one: encryption, access controls, audit logs, change management, incident response. The controls are live. The formal report is pending.
If your procurement requires an active SOC 2 report before contract signature, we can share our audit timeline and current control documentation. Reach out below.
Questions about security?
Request our security questionnaire pack, DPA, or schedule a call with our security team.