Trust Center

Security isn't a feature we bolt on — it's how we build. Here's everything you need for your vendor review.

🛡 SOC 2 Type II

Compliant

Conduyt maintains SOC 2 Type II compliance, audited annually by Prescient Assurance. Our most recent report covers the Trust Services Criteria for Security, Availability, and Confidentiality.

Request Attestation Letter →

🔒 Data Protection

  • AES-256 encryption at rest for all customer data
  • TLS 1.3 enforced for all data in transit
  • Role-based access control with principle of least privilege
  • Complete audit logging with 90-day retention
  • Automatic daily backups with point-in-time recovery
  • GDPR and CCPA compliant data handling
  • HIPAA-ready infrastructure (BAA available on Premium+)

🏢 Sub-processors

We use a minimal set of sub-processors, each selected for their own security posture.

ProviderPurposeLocation
VercelApplication hosting & CDNUS (multi-region)
NeonPostgreSQL databaseUS-East
ResendTransactional emailUS
StripePayment processingUS

Last updated: April 2026. We notify customers 30 days before adding new sub-processors.

📋 Security Questionnaire

Need to complete a vendor security review? We maintain a pre-filled CAIQ v4 questionnaire and can support SIG, VSAQ, and custom questionnaire formats.

Request Questionnaire → Request DPA