All systems operationalUpdated: Apr 16, 2026 · 09:41 UTC

Trust Center

Our Security Posture, Live.

We publish our compliance evidence, certifications, and security controls in real time — so you never have to ask for a questionnaire again.

View Certifications

Request Audit Report

SOC 2 Type IIISO 27001HIPAAGDPR

Compliance Score

Live

94%Score

SOC 2

91%Score

ISO 27001

98%Score

HIPAA

15 Passing

1 Review

16 controls

99.99%

Uptime

2,847

Evidence Items

Sub-Processors

Compliance Status

Continuously Audit-Ready

Compliance scores are pulled live from Chequr's evidence engine — not a quarterly snapshot.

SOC 2 Type II

Prescient Assurance

Certified

94%

Valid: Nov 202694%

ISO 27001

Bureau Veritas

Certified

91%

Valid: Aug 202691%

HIPAA

Internal Audit

Compliant

98%

Valid: Ongoing98%

GDPR

DPO Assessment

Compliant

96%

Valid: Ongoing96%

Certifications

Third-Party Attestations

Independently audited, continuously monitored. Download reports or request access under NDA.

Active

SOC 2 Type II

Annual third-party audit covering Security, Availability, and Confidentiality trust service criteria.

AuditorPrescient Assurance

PeriodNov 2024 – Nov 2025

Controls142

CERT-001

Active

ISO 27001

Information Security Management System (ISMS) certified to the international standard.

AuditorBureau Veritas

PeriodAug 2024 – Aug 2027

Controls114

CERT-002

Compliant

HIPAA

Health Insurance Portability and Accountability Act compliance with full BAA execution support.

AuditorInternal + BAA Program

PeriodOngoing

Controls75

CERT-003

Compliant

GDPR

General Data Protection Regulation compliance for all EU/EEA data subjects and processing activities.

AuditorDPO / Legal

PeriodOngoing

Controls60

CERT-004

Security Controls

15/16 Controls Passing

Every control is tested continuously by Chequr's agents. Evidence is collected automatically.

CC6.1Access

Passing

Logical Access Controls

MFA enforced, RBAC, quarterly access reviews.

18 evidence itemsApr 14, 2026

CC6.2Access

Passing

Multi-Factor Authentication

100% coverage across all production systems.

9 evidence itemsApr 14, 2026

CC6.6Encryption

Passing

Encryption in Transit

TLS 1.3+ enforced on all endpoints.

12 evidence itemsApr 12, 2026

CC6.7Encryption

Passing

Encryption at Rest

AES-256 via AWS KMS, customer-managed keys available.

11 evidence itemsApr 12, 2026

CC7.1Monitoring

Passing

Intrusion Detection

AWS GuardDuty + Datadog SIEM, 24/7 alert coverage.

22 evidence itemsApr 15, 2026

CC7.2Monitoring

Passing

System Monitoring

Full observability stack, anomaly detection active.

31 evidence itemsApr 15, 2026

CC8.1Monitoring

Review

Change Management

CAB review cadence being formalised.

7 evidence itemsApr 10, 2026

CC9.2Incident Response

Passing

Business Continuity

BCP tested Q1 2026. RTO < 4 hrs, RPO < 1 hr.

14 evidence itemsApr 1, 2026

CC9.1Incident Response

Passing

Incident Response

IR runbooks updated, tabletop exercise completed.

10 evidence itemsApr 5, 2026

A1.2Monitoring

Passing

Availability Monitoring

99.99% SLA, real-time uptime dashboards.

16 evidence itemsApr 15, 2026

CC3.3Vendor

Passing

Vendor Risk Management

Tier 1 vendors assessed annually, continuous monitoring.

20 evidence itemsMar 28, 2026

CC6.4Physical

Passing

Physical Access Controls

AWS physical controls inherited (SOC 2 Type II).

8 evidence itemsFeb 10, 2026

CC6.3Access

Passing

Password Policy

Complexity + rotation enforced via IdP.

6 evidence itemsApr 13, 2026

CC6.8Encryption

Passing

Key Management

AWS KMS, 90-day key rotation, HSM-backed.

9 evidence itemsApr 12, 2026

CC7.4Monitoring

Passing

Vulnerability Management

Snyk + AWS Inspector, critical patches <48 hrs.

25 evidence itemsApr 15, 2026

CC6.5Access

Passing

Privileged Access

Just-in-time access, zero standing privileges.

11 evidence itemsApr 14, 2026

Infrastructure

Built for Resilience

Globally distributed, redundant by design — your data never has a single point of failure.

Hosting Regions

AWS — multi-region active/active

N. Virginiaus-east-1Primary

12msOnline

Oregonus-west-2

18msOnline

Ireland (EU)eu-west-1

28msOnline

Data residency selection available in Enterprise plan

Uptime SLA

Rolling 90-day window

90 days ago

0 %

uptime

Today

Security Architecture

Encryption in Transit

TLS 1.3+

Encryption at Rest

AES-256

Key Management

AWS KMS

Secret Scanning

Enabled

Penetration Testing

Annual

Vulnerability Scans

Daily

Sub-Processors

Third-Party Vendors

A complete list of sub-processors with whom we share customer data, along with their certifications.

LogoVendorPurposeRegionCerts

Amazon Web Services

Cloud Infrastructure

All customer data

US / EU

SOC 2ISO 27001

Datadog

Monitoring & Observability

Logs, metrics, traces

SOC 2

Stripe

Payment Processing

Payment metadata

US / EU

PCI-DSSSOC 2

Intercom

Customer Support

Name, email, chat logs

SOC 2

SendGrid

Transactional Email

Email address, name

SOC 2ISO 27001

MongoDB Atlas

Database

Application data

US / EU

SOC 2ISO 27001

Snowflake

Data Warehouse

Analytics data

SOC 2ISO 27001

Okta

Identity & SSO

User identities, auth events

SOC 2ISO 27001

Policies

Security Documentation

Public policies are immediately available. NDA-gated documents can be requested below.

Public

Security Policy

Comprehensive information security governance, controls, and responsibilities.

Updated Feb 2026

POL-001

Public

Privacy Policy

How we collect, use, and protect personal data of users and customers.

Updated Jan 2026

POL-002

Public

Acceptable Use Policy

Rules for appropriate use of Chequr services and customer data handling.

Updated Dec 2025

POL-003

NDA Required

Incident Response Plan

Procedures for detecting, responding to, and recovering from security incidents.

Updated Mar 2026

POL-004

NDA Required

Penetration Test Report

Annual third-party pen test results — Cobalt.io. Critical/High: 0 open findings.

Updated Q1 2026

POL-005

NDA Required

Business Continuity Plan

Disaster recovery, backup strategy, and BCP test results for continuity assurance.

Updated Jan 2026

POL-006

Document Access

Request Restricted Reports

Our penetration test reports, audit packages, and Business Continuity Plan are available under NDA. Fill in your details and we'll send a secure link within one business day.

Penetration Test Report (Q1 2026)

Cobalt.io · 0 critical open findings

SOC 2 Type II Full Report

Prescient Assurance · Dec 2025

Business Continuity Plan

Tested Mar 2026 · RTO < 4 hrs

Request Document Access

First name

Last name

Work email

Company

Documents requested

Penetration Test ReportSOC 2 Type II Full ReportBusiness Continuity Plan

By submitting you agree to sign our standard NDA. We respond within 1 business day.

Chequr · AI CompliancePowered by Chequr

Want a Trust Center like this for your company?

Chequr builds and maintains your public Trust Center automatically — always up to date, always accurate.

Book a demo

Learn more

Chequr · AI Compliance PlatformSetup in days · Audit-ready in weekschequr.com