Compliance
SOC 2 Type II
Last updated: May 2026
Metadot Corporation operates its SaaS products under a SOC 2 Type II program. An independent auditor evaluates our security controls over a period of time — not just at a single point — to confirm that they are properly designed and consistently operated.
What SOC 2 Type II Means
SOC 2 is a reporting framework developed by the AICPA that evaluates a service organization's controls against five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. A Type II report covers a multi-month observation window, which is why customers and procurement teams treat it as the stronger of the two SOC 2 reports.
Our Security Program
Access Controls
Multi-factor authentication, role-based access, and the principle of least privilege across production systems.
Continuous Monitoring
Around-the-clock alerting and a documented incident response runbook.
Independent Audits
Regular third-party audits verify that controls are designed correctly and consistently operated.
Encryption
Customer data is encrypted in transit with TLS and at rest in the database and backups.
Threat Detection
Anomaly detection on infrastructure and application logs, paired with vulnerability scanning.
Ongoing Compliance
Policies are reviewed at least annually; staff complete security training each year.
Requesting Our SOC 2 Report
We share our SOC 2 Type II report with current and prospective customers under a mutual NDA. To request a copy, contact compliance@metadot.com with the name of your organization and the product you are evaluating.
Related Programs
See our Privacy Policy for how we handle personal data, HIPAA for protected health information, and Accessibility for our commitment to WCAG conformance.