SOC 2
Current status
Senzo is currently SOC 2 in progress. We are building toward SOC 2 Type I certification, with Type II to follow.What SOC 2 means
SOC 2 is a third-party audit of a company’s security, availability, and data handling practices against the AICPA Trust Services Criteria. A SOC 2 report provides assurance to customers that controls are in place and operating effectively.- Type I — confirms controls are designed correctly at a point in time
- Type II — confirms controls operated effectively over a 6–12 month period
Controls in place today
While formal certification is in progress, Senzo has implemented the following controls: Access control- Authentication via Supabase Auth
- Role-based access control with principle of least privilege
- Row Level Security (RLS) enforced at the database level
- Server-side super admin verification
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AES-256)
- Organization-level data isolation
- No cross-organization data access possible
- Security monitoring in place
- Incident response process documented
- Contact hello@senzohq.com for security disclosures
- Supabase (AWS ca-central-1) — SOC 2 Type II certified
- Vercel — SOC 2 Type II certified
- Anthropic Claude API — enterprise data handling agreements in place
- All code changes reviewed before deployment
- No direct production database access
- Migrations applied through controlled deployment pipeline