Trust & Compliance

Trust & Compliance

Our Commitment to Your Security

Your Risk Is Our Risk — Literally

Built with protection at its core, our At-Bay’s Stance solutions safeguard your data and workflows using the same industry-leading practices that protect Fortune 500 companies.

But here's what sets us apart: if our security fails, we look for coverage for your loss under your At-Bay policy. This shared-risk model means your protection directly impacts our bottom line, transforming the typical vendor relationship into true partnership. That's security that works — because it has to.

soc 2 badge

SOC 2 Type II Certified

At-Bay has earned SOC 2 Type II certification through rigorous independent auditing that validates the design and effectiveness of our security controls. Real protection, verified.

Request full report

Battle-Tested by Us First

Our own business operations are protected by the exact same solutions we provide to our clients. When we say our solutions work, we know firsthand — they are protecting our own data, people, and reputation 24x7.

Battle-Tested by Us First

Frequently Asked Questions

  • Is all data encrypted both in transit and at rest?

    Yes, all data is fully encrypted both in transit and at rest, ensuring confidentiality and protection at every stage.

    Read More

  • Are you retaining data on servers in other countries?

    No, data is processed and stored exclusively in AWS data centers located in the United States.

    Read More

  • Is any mailbox or threat data stored or logged outside our tenant?

    Yes, mailbox and threat data are processed and logged securely in our US-based AWS environment, outside of your tenant.

    Read More

  • Are you using data from our environment to train AI models?

    No, we do not use customer data for training as-is. However, in case we find attacks, we may use the data created by malicious threat actors to to train our models.

    Read More

  • Is access to logged or processed data internally restricted based on role or need-to-know?

    Yes, access is strictly limited to the Cyber Research team and is governed by the principle of least privilege.

    Read More

  • Do you maintain audit logs of access and actions, and support formal incident response procedures?

    Yes, all access and actions are logged. We maintain comprehensive audit trails and adhere to SOC 2 compliance standards, including formal incident response procedures.

    Read More

Additional Resources

Security Inquiries: security@at-bay.com
Legal & Privacy Questions: privacy@at-bay.com

technical documentation
Technical Documentation

 

Read documentation
Privacy Policy

 

Read policy
Website Terms of Service

 

Read terms