Mycroft Trust Center

Trust Center

Mycroft is a cybersecurity and compliance automation platform helping B2B SaaS companies manage security, risk, and compliance. We are committed to maintaining the security, privacy, and reliability of our platform, and hold SOC 2 Type 2 compliance alongside being GDPR and HIPAA compliant (subject to DPA and BAA respectively). We encourage customers and prospects to review our security documentation, policies, and reports below.

Compliance

Compliance frameworks Mycroft currently meets or is working toward to uphold its security and privacy commitments.

SOC 2: Compliant
HIPAA: Compliant
GDPR: Compliant
ISO 42001: In progress
ISO 27001: In progress
FedRAMP 20x - LOW: In progress

Trusted by

Willful
Wisedocs
Weave
Control D
Superwhisper
Cascade Debt

Resource library

Our security, compliance, and policy documentation, including audit reports.

SOC 2 Type 2 Report - 2025 (February 25, 2026)
Application Penetration Test - 2025 (February 25, 2026)

Controls

Our security program is built on a complete set of controls that govern how we safeguard data and manage risk.

Infrastructure security
  • Architecture Diagram
  • AI system deployment
  • AI system technical documentation
Organizational security
  • Asset Inventory
  • Alignment with other organizational policies
  • Review of the AI policy
Product security
  • Role-based Access
  • Application Authentication
  • User Segregation
Internal security procedures
  • Multi-factor Authentication
  • Password Manager
  • Onboarding Checklist

Subprocessors

Trusted third parties that support our services and may process customer data as part of their function.

GCP: CA/US
Cloudflare: CA/US
PropelAuth: US
1Password: CA
Google Workspace: US

Frequently asked questions
