Security and Compliance

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Welcome to Ottomatic Security and Compliance. Our commitment to data privacy and security is embedded in every part of our business. Here you can learn about our security posture and request access to our security documentation.

Compliance

SOC 2 Type 1 Logo
SOC 2 Type 1
SOC 2 Type 2 Logo
SOC 2 Type 2

Ottomatic is reviewed and trusted by

Netflix-company-logoNetflix
Lawrence Livermore National Laboratory-company-logoLawrence Livermore National Laboratory
Snapon Business Solutions-company-logoSnapon Business Solutions
Coffman Engineers-company-logoCoffman Engineers
SeedCode-company-logoSeedCode
stationSMARTS-company-logostationSMARTS

Documents

COMPLIANCESOC 2 Type 1
COMPLIANCESOC 2 Type 2
LEGALCyber Insurance
LEGALService-Level Agreement
LEGALW-9
INCIDENT RESPONSEIncident Reporting Process

Risk Profile

Impact LevelSubstantial
Third Party DependenceYes
HostingMajor Cloud Provider

Product Security

Data Security
Multi-Factor Authentication
Role-Based Access Control

Reports

PCI DSS
Pentest Report
SOC 2 Report

Self-Assessments

Our security is an on-going effort. We will fill in security questionnaires upon request.

Data Security

Data Backups
Encryption-at-rest
Encryption-in-transit

App Security

Vulnerability & Patch Management

ESG

Anti-Bribery and Corruption
Anti-Modern Slavery
Code of Ethics
View more

Legal

SubprocessorsSentry-company-logoClerk-company-logoPostHog-company-logoSonar-company-logoStripe-company-logo
Cyber Insurance
Privacy Policy
View more

Data Privacy

Cookies
Data Breach Notifications

Access Control

Access Log Management
Bring Your Own Device (BYOD)
Device Lock
View more

Infrastructure

Status Monitoring
Anti-DDoS
Cloud Service Providers
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response

Network Security

Distributed Denial of Service Protection (Anti-DDoS)
Firewall
Network Penetration Testing
View more

Corporate Security

Penetration Testing

Policies

Acceptable Use Policy

Security Grades

Qualys SSL Labs
console.ottomatic.cloud
A+
www.ottomatic.cloud
A
www.proofgeist.com
A

Incident Response

Designated Response Personnel
Incident Reporting Process
Pager Service

Risk Management

We have a dedicated team that manages security risks. We are happy to provide more details about our risk management practices upon request.

Asset Management

We have strict asset management policies in place to ensure that all assets are accounted for and secure.

BC/DR

We have a business continuity plan in place to ensure that we can continue to operate in the event of a disaster.

Training

Phishing Training
Security Awareness Training
Social Engineering Training

Change Management

We have a change and configuration management process in place to ensure that changes are properly reviewed and approved.

Physical & Environment

Remote Telework

Continuous Monitoring

Automated Alert Response
Data Loss Prevention System (DLP)
Event & Audit Log Management
View more

Subprocessors

Security and Compliance Updates

SOC2 Type 2

Copy link
Compliance

Proof+Geist is proud to announce that we have achieved SOC 2 Type II certification. This milestone confirms that the security controls and operational practices we previously established under SOC 2 Type I have now been independently observed, tested, and verified over time by a third-party auditor. SOC 2 Type II demonstrates not just that our policies exist, but that they are consistently followed in practice—reinforcing our commitment to protecting customer data and maintaining a secure, reliable cloud platform. This certification reflects our ongoing investment in rigorous security standards and our dedication to earning and maintaining the trust of our customers and partners through continuous auditing and improvement.

If you need help using this Security and Compliance, please contact us.
Contact support
Built onSafeBase by Drata Logo