Skip to main content

Compliance

Supercut is built for teams that care about security, with SOC 2 Type II, ISO 27001, and GDPR all in place.

Written by Supercut

SOC 2 Type II

SOC 2 Type II is an independent audit of how we handle customer data over time, covering security, availability, and confidentiality. Type II is the more thorough of the two SOC 2 reports, because it looks at how our controls actually perform over a monitoring period rather than checking that they exist on a single day.

Here is what that means in practice:

  1. An external auditor reviews our controls across a monitoring period, not just at a single point in time, so the report reflects how we operate day to day rather than how we look in one snapshot.

  2. It confirms we protect your data the way we say we do, with checks on things like access controls, monitoring, and how we respond when something goes wrong.

  3. A copy of our report is available to teams that need it for their own security review, so your team can verify our practices instead of taking our word for it.

If you'd like access to the SOC 2 report, you can request it here. We'll ask you to sign an NDA first, and then give you access to the full report.

ISO 27001

ISO 27001 is an international standard for managing information security. It certifies that we run a structured information security management system, which is the set of policies and processes we use to keep your data safe. In plain terms, it covers how we assess risk, control who has access to what, and respond to incidents if they happen. The certification is reviewed regularly by an external body, so it stays current rather than being a one-time stamp.

Download the certificate.

GDPR

Supercut is compliant with the General Data Protection Regulation, the EU law that governs how personal data is collected, stored, and used. You stay in control of your data, including the right to access it or ask us to delete it, and we only process personal data for clear, stated reasons.

If your team needs a Data Processing Agreement (DPA), we're happy to sign one. Just contact us at [email protected] and we'll sort it out with you.

For the full detail on how we collect, store, and use data, see:

You can review our certifications, security controls, and reports anytime in our Trust Center.

That's it!

These are the standards we hold today. If you need our SOC 2 report, a copy of our ISO 27001 certificate, or a signed DPA, you'll find them in the Trust Center, or you can reach out and we'll share what you need.

Related Articles
Enterprise plan
Did this answer your question?