How Superlog protects your data
Our control environment, the subprocessors we use, and the timeline to formal SOC 2 attestation.
Superlog is not yet SOC 2 certified. Our compliance program is in active build-out, in partnership with Probo (engaged Q2 2026).
Type I target: Q2 2026 · Type II target: Q4 2026
Documents
Security Whitepaper
Architecture, tenant isolation, encryption, the investigation-agent credential boundary, employee access, BCDR, and the controls that map to the SOC 2 Trust Services Criteria.
Read whitepaper 02 · SubprocessorsSubprocessor list
Every third party that processes customer data on Superlog's behalf — purpose, scope of data, and processing region. 30 days' notice before we add a new one under an active DPA.
See subprocessors 03 · RoadmapSOC 2 Compliance Roadmap
Current posture, the milestones to Type I (Q2 2026) and Type II (Q4 2026), penetration testing, and what we share with prospects before certification lands.
See the roadmapFor vulnerability reports. We acknowledge within one business day.
DPA, SIG Lite / CAIQ, custom security questionnaires, contract negotiation.
Planned for Q2 2026
Until then, incident notifications go out by email to org owners within 72 hours.
Everything we share publicly. For a DPA, pre-filled security questionnaire (SIG Lite / CAIQ), or anything else, email legal@superlog.sh.