Security & Compliance

SOC 2 Type II certified platform built with security at its core. We maintain rigorous standards and proven practices to protect your data.

Security First

Security, privacy, and compliance are foundational to everything we build at Abra. We implement established standards and controls to safeguard your data and ensure system integrity.

Compliance & Certifications

SOC 2 Type II

Independently audited by a licensed CPA firm covering the Security Trust Services Criteria. Our SOC 2 Type II report validates our security controls and is available through our Trust Center.

GDPR Readiness

Our platform is built on GDPR-aligned data protection principles, including data minimization, purpose limitation, and comprehensive data subject rights support.

Request Compliance Documentation

Access our SOC 2 Type II report, penetration test summaries, and additional compliance documentation through our Trust Center at trust.helloabra.com.

Security Standards & Infrastructure

Access Control & Authentication

  • RBAC & MFA: Role-based access controls with multi-factor authentication enforced across all systems.
  • Enterprise SSO: SAML 2.0 and OIDC support for single sign-on integration.
  • Encryption: AES-256 encryption at rest and TLS 1.2+ in transit for all data.
  • Audit Logging: Comprehensive audit trails with continuous monitoring for security events.

Infrastructure & Reliability

  • Azure Cloud: Hosted on Microsoft Azure with ISO 27001, SOC 1/2/3, and HITRUST certifications.
  • High Availability: System redundancy and disaster recovery for business continuity.
  • Vendor Security: Third-party vendors undergo rigorous security assessments and compliance reviews.

Data Protection & Privacy

  • Data Handling: Comprehensive policies govern data classification, retention schedules, and secure deletion procedures.
  • Privacy by Design: Security and privacy are embedded into every phase of our product development lifecycle from initial design through deployment.
  • Data Processing Agreement: Comprehensive DPA available detailing our data handling obligations, sub-processor list, and security commitments.

Proactive Security Testing

01. Annual Penetration Testing

Independent third-party security experts conduct comprehensive application-level penetration testing annually. All findings are promptly triaged, remediated, and validated through follow-up assessments.

02. Continuous Vulnerability Management

Automated dependency scanning and vulnerability monitoring integrated into our development and deployment pipelines identify and address threats before production.

03. Regular Security Assessments

Regular internal security reviews and risk assessments identify, evaluate, and mitigate emerging threats.

Incident Response & Reporting

  • 24/7 Security Monitoring: Continuous monitoring systems detect and alert on security threats, enabling rapid response.
  • Incident Response Plan: Comprehensive, tested incident response procedures guide our team through identification, containment, eradication, recovery, and thorough post-incident analysis.

Report a Security Issue

Discovered a security vulnerability? We take all reports seriously. Please contact our security team immediately at [email protected]