Skip to main content

Security & Compliance


Shaped was built from the ground-up with security as a top priority. We operate as a cloud software-as-a-service (SaaS) platform, and will discard any unused data when requested. Shaped performs well without Personally Identifiable Information (PII) and, for an added layer of security, works on encrypted data if needed.

Shaped uses best physical, virtual, network and operational security practices. We rely on role-based authentication for all data access and records audit logs for every action. We avoid data replication and have clear multi-tenant isolation policies to ensure sensitive and critical systems are separated. Shaped uses isolated VPCs for all production deployments. Data is encrypted at rest using AES-256 encryption or higher and all ingress and egress traffic is encrypted via TLS 1.2+.


Shaped is SOC 2 Type 1 and GDPR compliant. We follow best security and governance best practices including using Vanta for real-time security and compliance monitoring, employee security training, device management, penetration testing, vulnerability scanning and secure software development practices. We have a data processing addendum on request if you require more information.

Subprocessor List

Third Party EntityLocationService Provided
Amazon Web Services Inc.United States (us-east-2)Cloud hosting
ClickHouse, Inc.United StatesDatabase Hosting