Compliance
SOC 2 Posture
Version 1.1 · Effective: 2026-06-13 · Last updated: 2026-06-13
AuthDeep maps its control posture to SOC 2 Trust Services Criteria. AuthDeep has not yet completed an independent SOC 2 Type II audit.
1. Attestation status
SOC 2 is an AICPA attestation framework covering Security, Availability, Processing Integrity, Confidentiality, and Privacy. This page describes alignment, not a third-party report. AuthDeep has not yet completed a SOC 2 Type II audit.
2. Security
The following controls support the SOC 2 Common Criteria: tenant-scoped access control, MFA and passkeys, opaque HttpOnly sessions, no auth tokens in browser storage, TLS on every hop, versioned releases, embedded migrations, request protection, and security logging.
3. Availability
Self-hosted deployments can use redundant application, PostgreSQL, and Redis infrastructure. Health endpoints support monitoring, metrics are available on qualifying plans, and supported Enterprise deployments may contract for a 99.99% SLA.
4. Processing integrity
Policy-driven request handling and parameterized database operations reduce unintended processing. Authentication and administrator actions are recorded with actor, action, timestamp, tenant, reason, and request identifiers.
5. Confidentiality and privacy
Secrets are supplied through protected configuration rather than source code. Gateway-side credential injection limits client exposure. Retention is bounded. In self-hosted deployments, personal data remains inside customer infrastructure. The public site uses minimal data and no advertising trackers.
6. Customer audit use
Customers can use audit exports, MFA policies, role assignments, service configuration, security documentation, and release evidence within their own SOC 2 scope. Enterprise support can assist with questionnaires and deployment guidance.
7. Audit roadmap and contact
AuthDeep will update this page when independent audit milestones change. Request current control information through the Support Portal; do not treat this page as an attestation report.