Independently Audited & Continuously Monitored

Compliance & Trust Center

We meet the highest global standards for security, privacy, and regulatory compliance. Access certifications, audit reports, and policy documentation for procurement and legal review.

View Certifications → Download Security Brief

Certifications & Standards

.git is continuously assessed against internationally recognized frameworks to ensure rigorous data protection and operational security.

Certified

SOC 2 Type II

Annually audited for security, availability, processing integrity, confidentiality, and privacy controls.

Valid through Dec 2025 View Report →

Certified

ISO 27001:2022

International standard for Information Security Management Systems (ISMS) covering risk assessment and controls.

Valid through Nov 2026 View Certificate →

Compliant

GDPR

Full compliance with EU General Data Protection Regulation including data subject rights, DPIAs, and EU data residency.

Continuously maintained Privacy Policy →

Compliant

CCPA / CPRA

California Consumer Privacy Act compliance with opt-out mechanisms, data mapping, and third-party data sales restrictions.

Continuously maintained Do Not Sell →

Security & Data Governance

Our architecture is designed with zero-trust principles, defense-in-depth strategies, and automated compliance controls.

🔐 Infrastructure & Access

✓ Multi-factor authentication (MFA) enforced for all personnel
✓ Role-based access control (RBAC) with least-privilege principles
✓ Hardware Security Module (HSM) backed key management
✓ Continuous vulnerability scanning & penetration testing
✓ Immutable audit logs retained for 7+ years

🌍 Data Residency & Sovereignty

Region	Hosting Provider	Status
US (East/West)	AWS GovCloud / Commercial	Active
EU (Frankfurt/Amsterdam)	AWS eu-central-1	Active
Asia Pacific (Singapore)	AWS ap-southeast-1	Active
Data Cross-Border	Restricted by policy	Enforced

Audit, Reporting & Transparency

We provide continuous visibility into our compliance posture through automated monitoring, third-party assessments, and customer-facing security controls.

📊 Compliance Dashboard

Enterprise customers receive real-time visibility into security controls, uptime metrics, and compliance status via our admin console and API.

Explore Admin Console →

📑 Third-Party Assessments

Annual reviews by independent auditors (Big 4 & specialized cybersecurity firms). Questionnaires available for Vanta, Drata, and SecurityScorecard.

Request Audit Package →

⚠️ Incident Response

24/7 SOC monitoring with SLA-backed incident notification (< 1 hour for critical). Full post-incident reviews published to transparency report.

View Incident History →

Need Compliance Documentation?

Our dedicated compliance team can assist with vendor risk assessments, DPAs, custom SLAs, and procurement questionnaires.

📧 compliance@git.dev For legal & procurement inquiries

🔒 security@git.dev For vulnerability reports & technical audits

Download Trust & Security Brief (PDF) →