Kanary Achieves SOC 2 Type 1 Attestation

Kanary has achieved SOC 2 Type 1 compliance, independently verified by Prescient Security. This is a significant milestone and investment in maintaining the highest security standards to protect the data and privacy of our partners and members.

Our mission is to safeguard people. We help organizations and individuals protect their personal information, know their risk exposure, reduce attack possibilities, and maintain privacy. It starts with monitoring digital footprints including public social accounts, search engines, aggregators, and brokers. And from your personal threat model, act to protect and remove the personal data that attackers and fraudsters weaponize for financial gain or retribution. So when it comes to how we handle your data, we hold ourselves to the highest standards. Security is foundational to who we are.

What is SOC 2 Type 1?

SOC 2 is a framework developed by the American Institute of Certified Public Accountants (AICPA) that evaluates how a company designs and implements controls related to security, availability, processing integrity, confidentiality, and privacy. A Type 1 report assesses whether those controls are properly designed and in place at a specific point in time. It's an independent, third-party attestation, not a self-assessment, which means our controls have been evaluated by an external auditor against rigorous industry standards.

The audit examined our controls across key trust service criteria, including how we manage access to systems and data, how we monitor for threats, how we respond to incidents, and how we maintain operational reliability. Earning this attestation required a company-wide effort and we're proud of the cross-functional commitment our team brought to this process.

Protecting Personal Data is in Kanary's DNA

This milestone is especially meaningful for us to share with our customers, partners and members given the nature of our work. Our customers share personal information with us precisely because they want less of it exposed. That makes our security posture not just a compliance checkbox but a direct extension of the service we provide.

We know trust isn’t something that can simply be declared, it must be earned and demonstrated. Achieving SOC 2 Type 1 compliance means we've formally documented and validated the security architecture, policies, and operational controls that safeguard the information of those who use our platform. Now, in addition to providing the mechanisms for individuals and organizations to protect themselves, we can provide the external validation of the investments we’ve made in the security of our members, their data, and the our infrastructure.

What Comes Next?

SOC 2 Type 1 is a starting point, not a finish line. We're working towards SOC 2 Type 2 and we'll continue to invest in the infrastructure and practices that keep Kanary worthy of your trust.

Customers, partners and members can email [email protected] to request a copy of the report.