
Security Assurance
SOC 2 Type 2
This page is maintained by UMBRELLA to describe our alignment with the AICPA Trust Services Criteria as attested under a SOC 2 Type 2 examination.
Security (Common Criteria)
Logical access controls, MFA on privileged accounts, endpoint hardening, secure SDLC practices, and continuous vulnerability management across UMBRELLA's production environment.
Availability
Production workloads run on monitored infrastructure with documented backup, recovery, and incident-response procedures. Service status is published at /resources/status.
Confidentiality
Customer data is classified, access-controlled, and encrypted in transit (TLS 1.2+) and at rest. Contractual confidentiality obligations bind employees and subprocessors.
Audit period & scope
The Type 2 examination covers the operating effectiveness of controls over a defined observation window. Scope, exceptions, and auditor opinion are detailed in the report itself.
Independent attestation
The examination is performed by an independent CPA firm. UMBRELLA does not self-certify against SOC 2; the report reflects the auditor's opinion.
Request the report
Email contact@umbrellabd.app from a business address. We countersign an NDA before sharing the report.
