search close


access_time Updated Dec 5, 2022


Signal Sciences has completed our SOC 2 Type II audit of the company’s operational and security processes for our service. Signal Sciences will continue to undergo a regular third-party audit to certify our services against this standard.

What is SOC 2?

SOC 2 is a report based on AICPA’s existing Trust Services principles and criteria. The purpose of the SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, and confidentiality or privacy.

How can I obtain the SOC 2 report?

Prospects can request the report through a sales representative. Customers can request the report through a support ticket.


Signal Sciences is aligned with GDPR.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It aims to give control back to EU residents over their personal data.

Who does GDPR apply to?

GDPR applies to any organization handling personal data of an EU resident, regardless of where it is based.

What is personal data?

GDPR defines “personal data” very broadly. By definition, personal data includes information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Common examples of “personal data” include name and address. However, GDPR’s definition also includes, but is not limited to, log-in credentials, IP addresses, and cookies.

How does GDPR apply to Signal Sciences’ services?

While Signal Sciences’ services are not intended to process highly sensitive personal information, Signal Sciences is subject to GDPR as we process information regarding our customers, which may include personal data of EU residents (i.e. IP addresses).

How has Signal Sciences prepared for GDPR?

Signal Sciences is committed to being aligned with GDPR with respect to the services we provide and the client data we process. We have worked to build features that give customers more control over their data, like IP anonymization and data redactions. We have also updated our privacy policy to provide more transparency to our customers on how we intend to use their data.

How can Signal Sciences assist customers in meeting their obligations under GDPR?

Signal Sciences (“Processor”) can assist customers (“Controllers”) in fulfilling their obligations as data controllers by:

  • supporting customers in complying with requests from Data Subjects
  • maintaining security best practices for safeguarding personal data
  • providing a list of our sub-processors, upon request

If you have any requests related to the above, please reach out to support.

How can Signal Sciences help address requests from Data Subjects?

Signal Sciences has implemented IP anonymization as a product feature to give customers more control over personal data. Please refer to IP anonymization for guidance on how to enable IP anonymization.

If you have any other requests from Data Subjects, please reach out to support.

Where can I learn more about security and privacy efforts?

Signal Sciences’ privacy policy can be referenced here:

Does Signal Sciences have a Data Processing Agreement (DPA) for their customers?

Yes, Signal Sciences has a standard DPA for all new contracts. If you are a current customer and need a DPA, please reach out to support.

Who are the sub-processors authorized to process customer data for signal sciences services?

Signal Sciences engages certain sub-processors in connection with the provision of the Solution. A sub-processor is a third-party service provider engaged by Signal Sciences to process personal data on behalf of Signal Sciences’s customers.

Signal Sciences maintains a list of the names, entity type and locations of all sub-processors of personal data contained in customer data and caused to be submitted to Signal Sciences via the Solution, which is set forth below.

Entity name Entity type Entity location
Amazon Web Services, Inc. Third-party sub-processor United States
MongoDB Atlas Third-party sub-processor United States