Audit reports
Beakr maintains SOC 2 Type II compliance, audited annually. Reports and compliance documentation are available upon request.
SOC 2 Type II
Beakr maintains SOC 2 Type II compliance through an independently managed audit program. Our controls cover:
| Control family | What it covers |
|---|---|
| CC6 — Logical & Physical Access | User authentication, API authentication, database access controls, least-privilege IAM roles, secrets management via AWS Secrets Manager. |
| CC7 — System Operations | Infrastructure as Code (Terraform), immutable container images, dependency pinning, CI/CD pipelines, CloudTrail audit logging, GuardDuty threat detection, VPC Flow Logs. |
| CC8 — Change Management | Code review via pull requests, Terraform plan review before apply, automated deployment pipelines. |
| A1 — Availability | Multi-AZ deployment, auto-scaling, health checks, automated database backups. |
| C1 — Confidentiality | AES-256 encryption at rest, TLS 1.3 in transit, database-level tenant isolation, VPC private subnets. |
| PI1 — Processing Integrity | Input validation, parameterized queries, WAF rules. |
Requesting a report
Our SOC 2 Type II report is available upon request under NDA.
- Visit our Trust Center for responses to SIG, CAIQ, and HECVAT.
- Email security@thebeakr.com to request the full SOC 2 report under NDA.
HIPAA compliance
Beakr's HIPAA compliance program is also independently audited. For a full requirement-by-requirement mapping of the HIPAA Security Rule, see Compliance & HIPAA.
Need a security questionnaire completed?
Our Trust Center at thebeakr.trust.site hosts responses to SIG, CAIQ, and HECVAT. For custom questionnaires, email security@thebeakr.com.