SOC 2 Type 2 Compliant
We are officially SOC 2 Type 2 compliant — here's what that means for you and your data.
Photo by Vladimir Kudinov
We're happy to announce that as of February 27, 2026, Phase is officially SOC 2 Type 2 compliant.
SOC 2 Type 2 compliance is the gold standard for demonstrating that an organization has maintained robust security controls over an extended period of time. Unlike Type 1, which is a point-in-time snapshot, Type 2 validates that our security practices have been consistently operational and effective throughout the audit observation period.
What this means for you
For our customers, this means that Phase's security program has been independently verified by an accredited third-party auditor. This covers everything from how we handle your data, manage access controls, monitor our infrastructure, and respond to incidents.
You can learn more about our security posture and compliance program at our trust center. If you'd like to review the full SOC 2 Type 2 audit report, you can request access there as well.
Acknowledgements
A big shout-out to the team at Oneleet for all the help and guidance throughout the entire process. From onboarding to audit, they handled everything on our behalf and made the process as smooth as possible.
Get started with your own SOC 2 program
If you're a founder or technical team looking to get SOC 2 Type 2 compliant, we wrote a detailed guide on how to speedrun the entire process — from finding a compliance partner, to setting up controls, to surviving the audit. Check it out here: Speedrunning SOC 2 Type 2.
