TraceFlux

SOC 2

Independent assurance for security controls, operational governance, and tenant isolation integrity.

SOC 2 snapshot

Attestation Type: SOC 2 Type II (status available upon request)
Trust Services Criteria: Security (additional criteria documented within report scope)
Report Period: Available upon request
Auditor: Independent CPA firm (details provided under NDA)
In-Scope Services: TraceFlux Control Plane, Data Ingestion Services, Governance Engine, Audit Ledger

SOC 2 is an independent attestation report — not a certification. Full scope and control details are contained within the report.

Control coverage at TraceFlux

Access Control

  • Role-based access control (RBAC)
  • Least-privilege enforcement
  • Approval gates for sensitive automation
  • Identity attribution in audit ledger

Change Management

  • Replay validation before promotion
  • Policy eligibility checks
  • Execution scope enforcement
  • Regression detection workflows

Logging & Monitoring

  • Immutable audit ledger
  • Execution trace logging
  • Operational monitoring & alerting

Data Protection & Isolation

  • Tenant-level data partitioning
  • Encryption in transit
  • Logical processing boundaries
  • No cross-tenant inference mixing

In-scope services

  • TraceFlux web control plane
  • API authentication & authorization layer
  • Telemetry ingestion & processing pipeline
  • Governance enforcement engine
  • Immutable audit logging services

Detailed scoping boundaries are documented within the official SOC 2 report.

Shared responsibility

TraceFlux maintains controls for platform infrastructure, governance enforcement, tenant segregation, and audit logging. Customers remain responsible for identity configuration, endpoint security, and operational policies within their environments.

Report access

The SOC 2 report is available to customers and prospective customers upon request. Access may require a signed NDA and verification of business identity.

Operational assurance by design

Governance enforcement, tenant isolation, and replay validation ensure security controls are continuously evaluated and auditable.