COMPANY UPDATE

Our Commitment to Enterprise Security: SOC 2 Type II Underway

Enterprise-grade security controls are already protecting your data. Independent certification is on the way.

When you trust a platform with your documents, you're trusting it with your business. Customer contracts. Internal policies. Proprietary research. Sensitive data that, in the wrong hands, could create real harm.

We take that trust seriously. Today we're sharing an update on our security infrastructure and our path to SOC 2 Type II certification.

Enterprise Security Controls — Live Today

Security isn't something we're building toward — it's foundational to how we operate. Here's what's already protecting your data:

• End-to-end encryption — Data encrypted at rest and in transit
• Role-based access control — Granular permissions with MFA enforcement
• Infrastructure hardening — Secure cloud configuration and network segmentation
• Continuous monitoring — Real-time threat detection and alerting
• Audit logging — Complete visibility into system access and changes

SOC 2 Type II: Independent Validation

We're actively pursuing SOC 2 Type II certification to provide independent, third-party validation of our security practices.

SOC 2 isn't a checkbox — it's a rigorous audit that evaluates security controls across five trust principles: security, availability, processing integrity, confidentiality, and privacy. Type II certification specifically requires demonstrating that controls operate effectively over time, not just at a single point.

For our customers, this certification will mean:

• Verified security controls — An independent auditor confirming our practices, not just our claims
• Easier procurement — Your security and compliance teams can approve GuidedMind faster with a SOC 2 report in hand
• Documented assurance — Formal evidence that we meet enterprise security standards

What We've Implemented

In preparation for certification, we've built and documented a comprehensive security program:

• Security policies and procedures covering all aspects of our operations
• Access control systems with role-based permissions and MFA
• End-to-end encryption for data at rest and in transit
• Infrastructure hardening with secure cloud configuration and network segmentation
• Incident response procedures with documented playbooks
• Vendor risk management with security assessments of third-party providers
• Business continuity and disaster recovery planning

We're on track for certification and will share updates as we reach that milestone.

An Ongoing Commitment

Security isn't a destination — it's an ongoing commitment. SOC 2 certification is one milestone, but our investment in protecting your data doesn't stop there. We continuously evaluate and improve our security posture as threats evolve and best practices advance.

Questions?

If you're evaluating GuidedMind and have security or compliance questions, we're happy to discuss our controls in detail. Our team can walk through our security architecture, share our policies, and answer questions from your security team.

Contact us about security | View our security overview