Skip to main content

Security & Compliance

Shaped is SOC 2 Type 2 compliant. An independent, third-party audit, conducted by Prescient Assurance, LLC, has confirmed that our information security practices, policies, procedures, and operations meet the rigorous SOC 2 standards for security as developed by the American Institute of Certified Public Accountants (AICPA).

The audit and attestation confirm our commitment to the highest standards of security and data protection. The successful completion of the SOC 2 Type 2 examination, which covers the period from February 1, 2025, to May 1, 2025, provides our customers with the assurance that their data is being handled securely.

For a copy of our SOC 2 Type 2 report, please contact us.

Security

Shaped was built from the ground-up with security as a top priority. We operate as a cloud software-as-a-service (SaaS) platform, and will discard any unused data when requested. Shaped performs well without Personally Identifiable Information (PII) and, for an added layer of security, works on encrypted data if needed.

Shaped uses best physical, virtual, network and operational security practices. We rely on role-based authentication for all data access and records audit logs for every action. We avoid data replication and have clear multi-tenant isolation policies to ensure sensitive and critical systems are separated. Shaped uses isolated VPCs for all production deployments. Data is encrypted at rest using AES-256 encryption or higher and all ingress and egress traffic is encrypted via TLS 1.2+.

Compliance

Shaped is also GDPR compliant. We follow best security and governance practices, including using Vanta for real-time security and compliance monitoring, employee security training, device management, penetration testing, vulnerability scanning, and secure software development practices. We have a data processing addendum available on request if you require more information.

Subprocessor List

Third Party EntityLocationService Provided
Amazon Web Services Inc.United States (us-east-2)Cloud hosting
ClickHouse, Inc.United StatesDatabase Hosting