Guardra.ai
Back to Guardra

Security

How we secure the platform that secures you.

Guardra is built by security people for security people. Our own posture is reviewed the same way we review yours — continuously, with evidence, and with humility when we find things to fix.

Visit the Trust Center Try the live demo

Certifications

  • SOC 2 Type II (annual · auditor: Schellman)
  • ISO 27001:2022 · 27017 · 27018
  • PCI-DSS Level 1
  • HIPAA (BAA available on Enterprise+)
  • GDPR · CCPA
  • CSA STAR Level 2
  • FedRAMP Moderate (in process)

Practices

  • Quarterly external penetration tests (NCC · Bishop Fox)
  • Annual red-team exercise
  • Bug bounty via HackerOne · $25K max payout
  • Mandatory code review · 2 eyes · signed commits
  • mTLS everywhere · short-lived certificates
  • Customer-managed encryption keys on Premium
  • Least-privilege IAM · break-glass audit logging

Transparency

  • Public SOC 2 bridge letter (NDA via portal)
  • SBOM published per release (Sigstore)
  • SLSA Level 3 build provenance
  • Incident RCA published within 10 business days
  • Subprocessor list — notified 30 days before changes
  • Public status page: status.guardra.ai
  • Coordinated disclosure policy · 90-day default

Reporting a vulnerability

Found something? We want to hear it. Email security@guardra.ai (PGP available), or file via our HackerOne program. We commit to a 24-hour first response and a 90-day resolution window as our default.