Trust

Trust & compliance

Security teams are our buyers, so trust isn't a marketing layer — it's the product. Here's where we stand today, stated plainly.

Certifications & frameworks

SOC 2 Type II — in progress, target Q4 2026
ISO 27001 — planned to follow SOC 2
GDPR — compliant data handling for EU customers
Maps evidence to SOC 2, ISO 27001, and NIST for your own audits

Data handling

GraphDefend connects with scoped, read-only access and keeps customer identity data within the customer's tenant boundary. We collect the metadata required to build your identity graph and assess risk — not the contents of your systems.

Subprocessors & availability

A current list of subprocessors and our uptime commitments are available to customers and prospects under NDA. Contact us to request our security package, including our latest penetration test summary.

Request our security package

Email trust@graphdefend.com or reach out through the contact form for our SOC 2 status letter, data processing addendum, and architecture overview.