Skip to main content Compliance We’re in the process of getting our SOC 2 Type II certification, the observation period should be completed by the end of October 2025.
If you need more information, please contact us at support@codspeed.io .
What we’re already doing While our SOC 2 Type II audit is in progress, we already follow security best practices to keep your data safe:
All data is encrypted at rest and in transit using industry-standard protocolsEncrypted backups with restricted access and automated rotationMinimal data collection : we only store what’s strictly necessary to generate reportsCI-only data processing : we don’t store source code nor large benchmark inputsMandatory 2FA for all CodSpeed team members Least privilege access across services and cloud resourcesRole-based access control (RBAC) for teams and organizationsScoped API tokens with fine-grained access controlsAudit logs for key actions and permission changesInfrastructure as code with peer-reviewed changes via pull requestsDependency and container scanning built into our CI 
