Security & Trust
Built to be trusted in production
We deliver software for enterprises, banks, and regulated teams, so security, access control, and a defensible delivery process are part of how we work, not an afterthought.
SOC 2 examination
ToolTwist Limited completed a SOC 2 Type 1 examination of its Software Development Services System, performed by the independent auditor A-LIGN, covering the Security trust services category (AICPA TSP section 100).
A Type 1 report attests to the design of our controls at a point in time. The full report is proprietary and confidential, and is available to qualified prospects and clients on request under NDA.
Request the SOC 2 report
How we protect your work
Controls across the delivery lifecycle
Access control
Least-privilege access to systems and client environments, with authentication, role-based permissions, and access reviews.
Change management
Code changes go through review, testing, and controlled deployment, with an audit trail of what shipped and when.
Monitoring & logging
Systems are monitored and logged so anomalies can be detected and investigated.
Responsible AI
AI-assisted output is reviewed by the accountable engineer, and AI tooling is configured to limit data retention. See our Responsible AI practices on the home page.
Cloud infrastructure
We build and host on enterprise cloud platforms, primarily Google Cloud Platform and Amazon Web Services, relying on their certified infrastructure and managing our own controls on top.
Data protection & privacy
We handle personal data in line with GDPR and CCPA principles, and keep collection to what we need to respond to enquiries and deliver work. See our Privacy Policy for details.
Talk to us about your security requirements
Tell us what your security and compliance teams need to see. We'll share our SOC 2 report under NDA and walk through how we'd handle your environment.