Information Security & Compliance
Edgar Allan upholds strict security and compliance standards to protect our clients’ data.

If you want to review Edgar Allan's SOC 2 report, please contact security@edgarallan.com.
Yes, we’re SOC 2 compliant.
We are audited regularly by an independent third party, managed via Vanta, to make sure our security controls are well designed and actually work. That covers the full AICPA Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Our policies are based on the following foundational principles:
Identity & access management
We don't leave access to chance. Our systems and data are protected against unauthorized access and disclosure. We enforce multi-factor authentication (MFA) and role-based access control (RBAC) where possible. Access reviews are regularly conducted.
Personnel security & education
Everyone on the team reviews and accepts our security policies during onboarding, and that's just the beginning. Background checks happen before anyone joins, security training is ongoing throughout the year, and employee performance reviews happen at least annually. We keep it consistent because good security habits only work if they're actually habits.
Identity & access management
Everyone at Edgar Allan signs a confidentiality agreement. Access to sensitive client data is limited to the team members whose work actually requires it. No more, no less. A simple rule, strictly followed. Our AI acceptable use policy is enforced.
Our flagship product follows these policies:
Data Security
Every bit of data moving through our systems is encrypted in transit via HTTPS. Everything stored, including databases, files, and backups, is encrypted at rest using AWS-managed keys.
Application Security
Passwords are hashed and sensitive data is encrypted at the application level. Secure storage isn't a nice-to-have for us, it's the baseline.
Infrastructure Security
Network access is restricted, permissions are role-based, and our infrastructure is continuously monitored. Backups run regularly so we're never starting from zero.
Data Retention
When an account or project is deleted, all associated data goes with it permanently.
System Availability
Our product runs on AWS, giving us enterprise-grade redundancy, scalability, and physical security built in. We monitor uptime continuously so issues get caught and dealt with fast.
Third-Party Testing
We don't just check our own work. Independent penetration testing, continuous vulnerability scanning via AWS Inspector, and compliance monitoring through Vanta keep an outside eye on our security posture.
We’ve partnered with Vanta to keep our compliance in check.
The Trust Center serves as a single source of truth to quickly review our company security practices, policies, and audit reports.
We're happy to share it with qualified organizations.
Request Edgar Allan’s SOC 2 Report
Our SOC 2 Type 1 report is available to prospective and current clients under a mutual Non-Disclosure Agreement (NDA). The report includes full auditor findings across all five Trust Services Criteria, control descriptions, test results, and our management response.
To request the report, reach out to security@edgarallan.com.
A member of our team will respond within three business days to confirm your identity and share the report securely.