Compliance
3Independently audited and continuously evidenced against the standards our customers rely on.
EU AI Act
EU Artificial Intelligence (AI)I Act (Regulation (EU) 2024/1689)
- Valid through
- Jun 22, 2027
GDPR
General Data Protection Regulation (GDPR)
- Valid through
- Jun 22, 2027
ISO 27001
ISO/IEC 27001:2022
- Valid through
- Jun 22, 2027
- Certificate
- SE559537-3647
Controls
245The safeguards we operate across our organization, technology, people, and facilities.
Inventory Labels
Asset ManagementOrganization assets are labeled and have designated owners.
Media Marking
Asset ManagementWhere applicable, Organization marks information system media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information. Exemptions must be approved by management and remain in a specific controlled area.
Asset Transportation Authorization
Asset ManagementOrganization authorizes and records the entry and exit of systems at datacenter locations.
Maintenance of Assets
Asset ManagementEquipment maintenance is documented and approved according to management requirements.
Business Continuity Plan
Business ContinuityOrganization's business contingency plan is periodically reviewed, approved by management and communicated to relevant team members.
Continuity Testing
Business ContinuityOrganization performs business contingency and disaster recovery tests on a periodic basis and ensures the following: • tests are executed with relevant contingency teams • test results are documented • corrective actions are taken for exceptions noted • plans are updated based on results
Business Impact Analysis
Business ContinuityOrganization identifies the business impact of relevant threats to assets, infrastructure, and resources that support critical business functions. Recovery objectives are established for critical business functions.
Capacity Forecasting
Business ContinuityBudgets for infrastructure capacity are established based on analysis of historical business activity and growth projections; purchases are made against the established budget and plans are updated on a quarterly basis.
Resources
12Policies, documentation, and reports that govern how we protect customer data.
Legal, Regulatory & Contractual Compliance Register
Version 2026.2 · Reviewed Jan 25, 2026 · yearly
Asset Management & Privacy Policy
Version 2026.2 · Reviewed Jan 25, 2026 · yearly
ISMS Scope & Context
Version 2026.2 · Reviewed Jan 25, 2026 · yearly
Incident Response Plan
Version 2026.1 · Reviewed May 17, 2026 · yearly
Third-Party Risk & Supplier Security Policy
Version 2026.1 · Reviewed Jan 25, 2026 · yearly
Secure Development & Change Management Policy
Version 2026.1 · Reviewed Jan 12, 2026 · yearly
Access Control Policy
Version 2026.1 · Reviewed Jan 25, 2026 · yearly
Internal Audit Policy & Procedure
Version 2026.3 · Reviewed Jan 12, 2026 · yearly
Subprocessors
13Third-party providers that process customer data on our behalf, and where they operate.
Framer
Software as a ServiceOAuth app authorized by users
Anthropic
Software as a ServiceClaude assistant platform by Anthropic
OpenAI
Software as a ServiceAI platform and language model provider
Google services and applications
Amazon Web Services
cloudCloud computing platform
Google Cloud Platform
cloudCloud computing platform
Google Workspace
OtherA suite of cloud-based productivity and collaboration tools including email, calendars, and file storage provided by Google.
Vercel
OtherVercel is a cloud platform for static sites and serverless functions that enables developers to host websites and web applications.
Questions about our security?
We're glad to help your security and procurement teams move quickly.