Security
Software Movers, LLC has SOC 2 Type I in progress (target: Q3 2026, Drata-automated). Type II follows after a 6-month window. This page sums up how we protect your data. For the full pack, book a call and ask for the security packet.
Program
- Written policies: security, access, incident response, change, vendor, backup, vuln management, OSS, data retention, and acceptable use. Reviewed every year.
- Access reviews every quarter. SSO and MFA everywhere. Least access by role.
- A yearly outside pen test. Ongoing scans with Trivy, Grype, and Dependabot.
Infra
- Dedicated servers. Per-tenant isolation on k3s.
- TLS 1.2+ in transit. AES-256 at rest. Encrypted offsite backups with object lock.
- Kubernetes audit logs sent to write-once storage. Kept 13 months.
- Falco for runtime checks. Kyverno for admission. Cosign-signed images. A license gate on every build.
Data
- We process your data per our Privacy Policy and DPA, shared on request.
- Sub-processor list shared on request. We give 30 days' notice before changes.
- 30/60/90-day offboarding. Signed deletion cert at day 90.
Incidents
- 24×7 on-call. SEV1 response in 15 minutes.
- Breach notice within 72 hours of confirmation.
- Public status page. Postmortem for every SEV1/SEV2 you see.
Report a security bug
Email [email protected] or book a call with Security. An engineer looks at it within one business day. Safe-harbor terms apply. See our security.txt. A HackerOne program starts after SOC 2 Type I.
What's next on the roadmap
- SOC 2 Type I — target Q3 2026
- SOC 2 Type II — target H1 2027
- HIPAA — on request, under BAA
Ask anything
Book a call. We answer within a business day.