Security & Compliance

Enterprise-grade security, built in from day one

Protecting your data is foundational to everything we build. Herd is designed with security at every layer so you can trust us with your most sensitive workflows. SOC 2 Type II certification is currently in progress.

How we protect your data

Security is not an afterthought; it is embedded into our architecture, processes, and culture.

Data Encryption

All data is encrypted with AES-256 at rest and TLS 1.3 in transit. Encryption keys are managed through dedicated key management services with automatic rotation.

Access Controls

Role-based access control (RBAC) with SSO integration and MFA enforcement. Least-privilege access is applied across all systems and services.

Infrastructure

Hosted on AWS with SOC 2-compliant infrastructure. Multi-region redundancy, automated backups, and network isolation protect against outages and unauthorized access.

Monitoring and Logging

Continuous monitoring across all systems with centralized audit logging. Anomaly detection and real-time alerting ensure rapid identification of potential threats.

Incident Response

Defined incident response procedures with clear escalation paths. We commit to breach notification within 72 hours and conduct post-incident reviews for every event.

Vendor Security

All third-party vendors undergo rigorous security assessments. We maintain a public subprocessor list and conduct regular reviews of vendor security posture.

Meeting your regulatory requirements

Built for regulated industries

Herd is designed to help organizations meet their compliance obligations across multiple frameworks. Our security program is independently audited and continuously monitored.

  • Annual independent third-party audits for SOC 2
  • Data processing agreements (DPAs) available for all customers
  • Data residency options for EU and US regions
  • Regular penetration testing by certified third-party firms
  • Employee security training and background checks

SOC 2 Type II (In Progress)

Currently pursuing SOC 2 Type II certification. Controls covering security, availability, and confidentiality are being independently audited.

CCPA

Compliant with California Consumer Privacy Act requirements for data transparency, access rights, and deletion requests.

Detailed security documentation

Access in-depth security documentation available to Herd customers.

SOC 2 Type II Report

Full audit report covering security, availability, and confidentiality trust service criteria for the past 12 months.

Penetration Test Results

Summary of findings from our most recent third-party penetration test, including remediation status and timelines.

Data Processing Agreement

Our standard DPA covering data processing terms, subprocessor lists, and cross-border transfer mechanisms.

Security Architecture Whitepaper

Technical deep-dive into Herd's security architecture, data flows, encryption schemes, and isolation boundaries.

Vendor Risk Assessment Questionnaire

Pre-filled SIG Lite and CAIQ questionnaires to streamline your vendor risk assessment process.

Infrastructure Audit Logs

Sample audit log exports and documentation on log retention policies, formats, and integration options.
