Certifications and audits
SOC 2 Type II, GDPR alignment, HIPAA, CASA, and annual penetration testing.
SOC 2 Type II
Cust is SOC 2 Type II certified. The full report is available on request during enterprise procurement so your security team can verify our controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy).
Penetration testing
We run third-party penetration tests on at least an annual cadence. Test reports are available on request, alongside our remediation work for any findings.
GDPR
Cust supports GDPR-aligned data handling. Customers are the data controller and Cust is the data processor for any personal data flowing through the platform. See Data handling for the controller and processor model in detail.
HIPAA
Cust supports HIPAA-aligned configurations for customers operating in regulated healthcare environments. Contact support@cust.co to discuss your specific requirements.
CASA
Cust is CASA (Cloud Application Security Assessment) verified, which is the security standard required for OAuth integrations with Google Workspace.
Request our security artifacts
Email support@cust.co to receive the SOC 2 Type II report, our latest penetration test summary, and any other due-diligence materials your team needs.