All client data lives in US-based infrastructure with end-to-end encryption. Client engagement data never leaves the borders you agree to.
GDPR + CCPA-aligned by default. We collect what's needed to ship the work and nothing more. No data sales. Ever.
SLAs in writing in every engagement contract. The Scale Guarantee is the floor; what's below is the minimum, never invoked across 286 deployments.
Client owns the deliverables. Full stop. No vendor lock-in. Documented exit terms in every MSA.
We don't claim certifications we don't have. We do align with the frameworks serious B2B buyers expect, and we publish what's in flight.
We're not SOC 2 Type II certified yet (Q4 2026 target). We're not pretending we are. If your procurement team requires SOC 2 today, we'll happily refer you to a certified peer — and check in when our Type II audit completes.
14 days advance notice before any new subprocessor is added. Object via privacy@automatescale.com.
36-page PDF covering everything procurement teams need: company info, security questionnaire (SIG-Lite-aligned), insurance certificates, sample MSA, DPA, sample SOC 2 readiness report, business continuity plan, sub-processor list with executed BAAs.
If procurement is satisfied, apply. If they need more, the VDD pack covers it. If you need a custom security review, legal@automatescale.com.