Contrast
Book a demoStart for free

Security, SOC2 and more

Contrast is SOC 2 Type II certified, underscoring our commitment to the highest standards of security, availability, and confidentiality.

What this means for our customers:

  • Independant validation
    A trusted third-party audit confirmed that our security controls are not only well-designed (Type I) but also operate effectively over time (Type II).
  • Continuous protection
    Our processes, systems, and safeguards meet rigorous industry benchmarks to protect your data and maintain service reliability.
  • Peace of mind
    You can trust that your sensitive information is handled with the utmost care, backed by robust and consistently tested security practices.

    • This certification reflects our dedication to transparency, compliance, and customer trust—so you can focus on your business knowing your data is in safe hands.

    SOC2 Report

SOC2 and GDPR compliance

HubSpot trusts Contrast.
Others too

Resources

Trust Center
Everything about our security, compliance, and reliability in one place.
Status Page
Real-time service updates. Always know what’s running (and what’s not).
Privacy Policy
How we collect, use, and protect your data — in plain language.
Terms & Conditions
The rules of the road. What you can expect from us, and what we expect from you.

Got questions?

What is SOC 2 Type II?

It's a third-party report that verifies how a company designs and operates its controls for the Trust Service Criteria, typically Security across a defined period (often 3-12 months).

In practice, it covers things like access controls, change management, incident response, vendor risk, and monitoring, with evidence collected throughout the audit window. The final report includes the scope, system description, auditor's tests, and results—used by customers to evaluate risk and compliance.

What is the difference between a SOC 2 Type I and SOC 2 Type II report?

Unlike Type I, which is a point-in-time check, Type II tests control effectiveness continuously, making it the gold standard customers look for when assessing a vendor’s operational security maturity.

How does Contrast's SOC 2 Type II benefit customers?

  • SOC 2 Type II is a global accepted standard.
  • SOC 2 Type II is conducted by an independent and qualified third party auditor.
  • The annual report illustrates our commitment to consistency and demonstrates the controls Contrast has in place to keep its infrastructure secure and available.

Does Contrast have a SOC 2 Type II report?

Yes, Contrast has undertaken the AICPA SOC 2 Type II to attest to Security, Confidentiality, and Availability controls in place in accordance with the AICPA Trust Service Criteria. We include the report as part of our compliance package for current and potential customers.

The report provides reasonable assurance to our customers that Contrast's service commitments and system requirements were achieved based on the trust services criteria relevant to security, availability, and confidentiality.

When can customers expect Contrast's report?

Contrast issues a SOC 2 Type II once a year. Customers can expect an updated report approximately three months after the completion of the audit. The most recent audit was in October 2025.

How can customers get a copy of the SOC 2 Report?

Your account customer success manager or a member of the sales team can help you get a copy.

Does Contrast comply with GDPR?

As a European company, Contrast complies with all regulations under the General Data Protection Regulation.

Where is customer data stored?

Europe

Does Contrast have additional security and privacy certifications and reports?

Please visit the Trust Center for more information regarding security, controls, privacy and other documents like terms of use.