Compliance

We’re in the process of getting our SOC 2 Type II certification; the observation period should be completed by the end of October 2025.


If you need more information, please contact us at support@codspeed.io.

What we’re already doing

While our SOC 2 Type II audit is in progress, we already follow security best practices to keep your data safe:

  • All data is encrypted at rest and in transit using industry-standard protocols
  • Encrypted backups with restricted access and automated rotation
  • Minimal data collection: we only store what’s strictly necessary to generate reports
  • CI-only data processing: we don’t store source code or large benchmark inputs
  • Mandatory 2FA for all CodSpeed team members
  • Least privilege access across services and cloud resources
  • Role-based access control (RBAC) for teams and organizations
  • Scoped API tokens with fine-grained access controls
  • Audit logs for key actions and permission changes
  • Infrastructure as code with peer-reviewed changes via pull requests
  • Dependency and container scanning built into our CI