Security & Trust

Embargo is built on SOC 2 Type II and ISO 27001 certified infrastructure to ensure the security, privacy, and integrity of your compliance operations.

Data Handling

  • Encryption at Rest: All database volumes are encrypted at rest using AES-256 encryption.
  • Encryption in Transit: All data transmitted between clients and our services is encrypted in transit using TLS 1.2 or higher.
  • Data Residency: Our primary data centers are located in the United States (us-east-1).

Infrastructure Certifications

We partner with industry-leading infrastructure providers that maintain rigorous security compliance programs.

Vercel

Application Hosting

SOC 2 Type IIISO 27001:2022

Supabase

Database & Storage

SOC 2 Type IIISO 27001

Clerk

Authentication & Identity

SOC 2 Type IIISO 27001HIPAA

Resend

Email Delivery

SOC 2 Type II

Subprocessors

We use the following third-party services as subprocessors to provide our service:

  • Vercel — Application hosting
  • Supabase — Database and cloud storage
  • Clerk — User authentication and identity management
  • Resend — Email delivery
  • Stripe — Payment processing

Responsible Disclosure

We take security seriously. If you believe you have found a security vulnerability in our application, please let us know right away.

To report a security vulnerability, email security@getembargo.com.