Hex is a platform for working with data, including some of our customer's most sensitive information. We work to earn their trust by putting security and privacy front-and-center.
This includes industry-leading controls, data minimization, and a secure-by-design architecture. Perhaps most importantly, we have built a security-conscious culture from Day 1: everyone at Hex knows that security is our most important job.
Earlier this year, we started our SOC 2 certification process. A SOC 2 report is for service organizations that hold, store, or process the information of their users. You can read more about it here.
A couple of months ago, we obtained our SOC 2 Type I report. This represents a "snapshot", indicating that we have robust controls in place to ensure the security and availability of our customers' data.
Today, we are announcing that Hex has also obtained a SOC 2 Type II report. This is the most comprehensive SOC protocol, and attests not only to the suitability of our process and systems, but our operational effectiveness of sticking to those controls over a period of time.
The full writeup describes our suite of controls for securing and handling customer data, including:
System monitoring and ongoing risk assessments
Internal access control to production environments
Disaster recovery, data backup, and incident response processes
Communication of changes to customers
Employee on-boarding and termination processes
We're proud of this report. It is a reflection of our dedication to security, and the product of many months of hard work from our team. We will continue to pursue additional certifications in the future. But our commitment to security is about more than checking a box: every day we make sure that our systems and processes are worthy of the important data our customers trust us with.