Overview

At Weave, we are deeply committed to safeguarding the data that powers your engineering team's performance, maintaining rigorous industry standards including SOC 2 Type II compliance. We invite you to review our comprehensive security documentation to understand the strict measures and protocols we employ to protect your workflow analytics and ensure your continued trust.

workweave.dev

support@workweave.ai

Compliance

Compliance frameworks Weave currently meets or is working toward to uphold their security and privacy commitments.

SOC 2

Compliant

ISO 27001

Compliant

Resource library

Our security, compliance, and policy documentation, including audit reports.

Weave SOC 2 Type IIFebruary 26, 2026

Weave SOC 2 Type IFebruary 26, 2026

Weave COI - CybersecurityFebruary 26, 2026

Weave ISO 27001 Audit ReportMarch 16, 2026

WorkWeave, Inc. - ISO/IEC 27001 2022 Official CertificateMarch 31, 2026

Weave - Vulnerability Assessment and Penetration Testing (VAPT)February 26, 2026

Code of Conduct / Acceptable Use PolicyApril 30, 2026

Information Security PolicyApril 30, 2026

Asset Management PolicyApril 30, 2026

Data Management PolicyApril 30, 2026

Logical Access PolicyApril 30, 2026

Vulnerability Management PolicyApril 30, 2026

Incident Response Plan and PolicyApril 30, 2026

Software Development and Lifecycle Management PolicyApril 30, 2026

Vendor Risk Management PolicyApril 30, 2026

Business Continuity and Disaster Recovery PolicyApril 30, 2026

Information Security Roles and Responsibilities PolicyApril 30, 2026

Risk Management PolicyApril 30, 2026

Human Resource Security PolicyApril 30, 2026

Privacy PolicyApril 30, 2026

Controls

Our security program is built on a complete set of controls that govern how we safeguard data and manage risk.

Infrastructure security

Architecture Diagram

Platform Availability Monitoring

Platform Availability Alerts

Organizational security

Trust Page

Compliance Monitoring

Asset Inventory

Product security

Code Changes Planning

Code Changes Tested

Code Changes Approved

Internal security procedures

Sign-up Consent

Data Management Policy

Onboarding Checklist

Data and privacy

Confidential Data Deletion

PII Inventory

Public Privacy Policy

Subprocessors

Trusted third parties that support our services and may process customer data as part of their function.

GCP

United States

Github

United States

PostHog

United States

Pylon

United States

Resend

United States

Overview

Compliance

Resource library

Controls

Subprocessors

Frequently asked questions

How does Weave control internal access?

Does Weave account for vacations and off-days?

Is Weave SOC 2 compliant?

Does Weave comply with GDPR?

Does Weave support HIPAA or healthcare customers?

Does Weave conduct penetration testing?

What types of data does Weave collect?

How does Weave minimize data collection?

Can customers disable source code retention?

How long does Weave retain data?

Where is customer data stored?

Can customers delete their data?

Which LLM providers does Weave use?

Is customer data used to train third-party AI models?

How is data protected when sent to LLMs?

How is Weave hosted?

How is customer data encrypted?

What network security controls are in place?

Does Weave perform employee background checks?

How are employee devices secured?

How does Weave secure its development process?

How does Weave handle security incidents?

What is Weave's disaster recovery posture?

What controls do customers have?

What deployment models are available?

How can customers request security documentation?