Trust Center
Security, privacy, and compliance are built into how we operate. Use this page to understand how we protect your data and the infrastructure we run on.
Last reviewed: June 2026
Compliance
TechnologyChecker.io is independently certified across the standards that matter for handling your data.
SOC 2 audited · GDPR, HIPAA & KVKK compliant. We also align with California's CCPA, and build on SOC 2 / ISO 27001-certified infrastructure (AWS, Vercel, Cloudflare); payments are handled by Stripe, a PCI DSS Level 1 provider.
At a glance
- Cloud hosting
- AWS · Vercel · Cloudflare
- Encryption
- TLS 1.2+ in transit · AES-256 at rest
- Access
- MFA + role-based access control
- Data we hold
- Public web data
Public website content & technology signals, business contact data (names, emails, addresses), and intent signals derived by analyzing public web content with AI.
Security controls
The technical and organizational measures we use to protect your data, organized by area. Select a card to see the full detail.
Compliance & Privacy
- SOC 2 audited
- HIPAA compliant
- GDPR, KVKK & CCPA aligned
Data Security
- TLS 1.2+ encryption in transit
- AES-256 encryption at rest
- Encrypted, automated backups
Access Control
- Role-based access control (RBAC)
- Multi-factor authentication for admin access
- Principle of least privilege
Infrastructure
- AWS — compute & data storage
- Vercel — application hosting & edge
- Cloudflare — DNS & global CDN
Network Security
- Cloudflare Web Application Firewall
- Anti-DDoS protection & bot mitigation
- HTTPS enforced across all surfaces
Application Security
- Regular penetration testing
- Vulnerability scanning
- Secure code review
Payment Security
- Stripe — PCI DSS Level 1 certified
- No card numbers stored on our servers
- Tokenized transactions
Monitoring & Logging
- Audit logging
- Access monitoring
- Uptime & availability monitoring
Incident Response
- Documented incident response plan
- 72-hour breach notification (GDPR)
- Dedicated security contact
People & Awareness
- Security awareness training
- Confidentiality agreements
- Background checks for staff
Data Privacy & Your Rights
- Access, rectification & erasure
- Data portability (CSV / JSON)
- Cookie consent management
Vendor & Subprocessor Management
- Vetted, contractually-bound subprocessors
- Standard Contractual Clauses (SCCs)
- Subprocessor list maintained below
Subprocessors & infrastructure
We use the following trusted third parties to operate our service. All are bound by data processing agreements.
| Provider | Purpose | Data region | Certifications |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud compute & primary data storage | EU / US regions | SOC 2 Type II, ISO 27001, PCI DSS |
| Vercel | Application hosting & edge network | Global edge | SOC 2 Type II |
| Cloudflare | DNS, CDN, WAF & DDoS protection | Global edge | SOC 2 Type II, ISO 27001 |
| Stripe | Payment processing & billing | US / EU | PCI DSS Level 1 |
| PostHog | Product analytics | EU / US | SOC 2 Type II |
| Intercom | Customer support & in-app messaging | US | SOC 2 Type II |
Have a security question?
Report a vulnerability, request our security documentation, or ask about our data practices. We respond to security reports as a priority.