What we build Who we build for Why Webstrail Case studies FAQ Book a Free Discovery Call

Security & compliance

Trust Service Center

SOC 2 Type II · HIPAA · Continuous monitoring

Compliance & security at Webstrail

Welcome to our Trust Center. Webstrail views security and compliance as the foundation our products are built on — and how trust with our customers is earned and maintained. We use Vanta to continuously monitor our internal security controls against the highest standards, giving us real-time visibility into the end-to-end security and compliance posture of our systems.

SOC 2 Type IIHIPAAAnnual penetration testingContinuous monitoring (Vanta)

HIPAA

Webstrail continually monitors HIPAA through assessments and controls — validation of our adherence to the highest standards for working with Protected Health Information (PHI). Our customers get the peace of mind that we proactively protect their PHI and adhere to HIPAA regulations.

SOC 2

SOC 2 is an extensive auditing procedure ensuring a company handles customer data securely, protecting both the organization and the privacy of its customers. Receiving SOC 2 attestation was an important milestone in demonstrating our commitment to our customers and the security of their data.

Compliance documentation

Documentation of our compliance against global standards — including certifications, attestations, and audit reports — is available to qualified parties under NDA: SOC 2 Type II attestation, SOC 2 penetration-test report summary, SOC penetration-test certificate, and HIPAA certificate.

Continuous monitoring

Data security

  • Daily database backups
  • Databases monitored and alarmed
  • Logging / monitoring

Infrastructure security

  • Quarterly external vulnerability scans
  • Quarterly internal vulnerability scans

Organization security

  • Acceptable use policy
  • Business Associate Agreements
  • Incident response plan
  • MFA on accounts
  • Security policies & training

Network security

  • Denial of public SSH
  • Firewalls

Product security

  • Annual penetration tests
  • Code review process
  • Disaster recovery plan
  • Quarterly vulnerability scans
  • Secure software development lifecycle

To request our SOC 2 Type II report or security overview, get in touch — these are available to qualified buyers under NDA.