SocialHub.AI
Certified · Trust & Security

SOC 2 Type II

SocialHub.AI maintains a SOC 2 Type II attestation — an independent audit of our controls across all five Trust Services Criteria, tested over an operating period. The full report is available to customers and prospects under NDA.

How we meet each criterion

The Trust Services Criteria span five areas. Below is how the platform addresses each.

Security (Common Criteria)

  • Role-based access control with least-privilege defaults, enforced on every request.
  • Single sign-on (SSO) and multi-factor authentication for administrative access.
  • Encryption in transit (TLS) and at rest, with field-level encryption for personal data.
  • Network protection: authenticated gateways, rate limiting, and server-side request-forgery defenses.
  • A secure development lifecycle: automated checks, dependency and secret scanning, and reviewed changes.

Availability

  • Managed database with automated backups and point-in-time recovery.
  • Resilient job processing with retries, leases, and graceful shutdown.
  • Health checks and continuous monitoring across services.
  • Documented recovery objectives and periodic restore testing.

Processing Integrity

  • A single, governed source of truth for business metrics — no ad-hoc, drift-prone calculations.
  • Idempotent processing for orders, members, coupons, and receipts, so an event is never double-counted.
  • Honest reporting: campaign results are reported without fabricated statistical claims.

Confidentiality

  • Personal data is encrypted with per-record keys and searchable only through privacy-preserving blind indexes.
  • Sensitive fields are masked in the dashboard and redacted from logs and events.
  • Access to confidential data is least-privilege and audited.

Privacy

  • Versioned consent with an append-only evidence trail, enforced at send time across email, SMS, and push.
  • Data-subject access exports and deletion, with an honest coverage manifest.
  • Retention windows governed from a single source and reconciled with the published policy.

Continuous improvement

Security is an ongoing program, not a one-time milestone. We continuously strengthen our access, monitoring, and resilience controls, run periodic access reviews and recovery tests, and re-audit on a recurring basis to maintain our attestation.

Request our SOC 2 report

The full Type II report is available under NDA. Our security team can walk your reviewers through the controls and evidence.

Contact Security Team