Trust & Security
Autograph Trust Center
Autograph is committed to protecting the data of our customers and employees. We began laying our security and compliance foundations from our earliest days.
Certifications
Autograph adheres to industry-standard compliance frameworks, including SOC 2 Type II, GDPR, and CCPA. This ensures that our internal controls and processes meet and exceed industry practices in security & reliability.
- SOC 2 Type II
- GDPR Compliant
- CCPA Compliant
Resources
- Information Security Policy
- SOC-2 Type I Report
- SOC-2 Type II In-Progress Letter
- Most Recent Pentest Report (Aug 2024)
- Production Network Diagram
- Request Documentation
Every member of our workforce prioritizes security
Autograph fosters a robust security-focused environment, equipping all staff members with necessary training, resources, and tools to operate securely. Every employee is required to adhere to Autograph's internal guidelines and protocols regarding the confidentiality of client information.
Security is fundamental to our culture and process
The way we build incorporates security measures from the outset, ensuring that our products, procedures, and practices surpass industry standards.
Encryption protects your data when you use Autograph
We implement cutting-edge encryption protocols to safeguard your information. Our infrastructure uses AES-256 at rest and TLS 1.3 in transit to encrypt and safeguard your data.
We are built on secure cloud infrastructure
We leverage secure cloud infrastructure. Autograph operates on AWS' industry-leading cloud platform, benefiting from years of security enhancements to guarantee optimal performance, resilience, and rapid deployment.
Continuous monitoring and regular testing to protect data
Autograph's infrastructure is continuously monitored using industry-leading intrusion detection systems. Independent security consultants conduct penetration testing at least annually, and our internal team runs an automated vulnerability scan on a weekly basis.
Adherence to global data and security standards
Autograph complies with SOC 2, GDPR, and CCPA regulations. The SOC 2 certification is an independent audit report providing information and assurance about Autograph's control measures.
Sub-processors
- Amazon Web Services — Autograph uses AWS for cloud hosting of databases.
- Render — Autograph uses Render for servers & frontend deployment.
- Synadia — Autograph uses Synadia to manage NATS (data streaming).
- Prisma — Autograph uses Prisma to manage database workflows & object-relational mapping.
- Finch — Autograph uses Finch to power payroll & HRIS integrations.
- OneSchema — Autograph uses OneSchema for validating & processing spreadsheet imports.
FAQs
How does Autograph comply with SOC-2?
Autograph has completed a SOC 2 Type I audit and is currently undergoing SOC 2 Type II certification. Our controls cover security, availability, and confidentiality. We engage independent third-party auditors to verify our compliance on an ongoing basis.
What level of access does Autograph need to connect key systems?
Autograph uses read-only API connections wherever possible. We request only the minimum permissions required to pull the data needed for your workflows. All connections use OAuth 2.0 or secure API keys, and you can revoke access at any time from your settings.
Does Autograph conduct penetration testing?
Yes. We engage third-party security consultants to conduct penetration testing at least annually. Our internal team also runs automated vulnerability scans on a weekly basis. Results are reviewed by our security team and remediated according to severity.
How does Autograph use AI within the product?
Autograph uses AI to automate repetitive finance and operations workflows. Our AI agents process your data within your secure environment. Your data is never used to train models — it remains exclusively yours. All AI outputs are auditable and version-controlled.
How does Autograph comply with GDPR?
Autograph complies with the General Data Protection Regulation (GDPR) by implementing data protection by design, maintaining records of processing activities, and ensuring data subjects can exercise their rights including access, rectification, erasure, and portability. We have appointed a Data Protection Officer and maintain Data Processing Agreements with all sub-processors.
How does Autograph comply with CCPA?
Autograph complies with the California Consumer Privacy Act (CCPA) by providing California residents the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information to third parties.
Questions about security?
We're happy to walk through our security practices in detail.