SOC 2 Type 2 — Verified by AssuranceLab

Security Assurance

SOC 2 Type 2

This page is maintained by UMBRELLA to describe our alignment with the AICPA Trust Services Criteria as attested under a SOC 2 Type 2 examination.

Report availability. The full SOC 2 Type 2 report is confidential and available to customers and prospects under NDA. Contact us to request access.

Security (Common Criteria)

This category covers logical access controls, MFA on privileged accounts, endpoint hardening, secure SDLC practices, and continuous vulnerability management across UMBRELLA's production environment.

Availability

Production workloads run on monitored infrastructure with documented backup, recovery, and incident-response procedures. Service status is published at /resources/status.

Confidentiality

Customer data is classified, access-controlled, and encrypted in transit (TLS 1.2+) and at rest. Contractual confidentiality obligations bind employees and subprocessors.

Audit period & scope

The Type 2 examination covers the operating effectiveness of controls over a defined observation window. Scope, exceptions, and auditor opinion are detailed in the report itself.

Independent attestation

The examination is performed by an independent CPA firm. UMBRELLA does not self-certify against SOC 2; the report reflects the auditor's opinion.

Request the report

Email contact@umbrellabd.app from a business address. We countersign an NDA before sharing.