Trust PartnerStack to keep your data secure and meet your compliance requirements.

Security Program and Risk Management

PartnerStack has established a comprehensive security program based on AICPA Trust Services Criteria (TSC) 2017 for security, confidentiality, availability, processing integrity, and privacy.

PartnerStack performs an annual risk assessment to gain an accurate and comprehensive identification, review, and remediation of risks and vulnerabilities that may impact the platform's commitment to security, confidentiality, availability, processing integrity, and privacy.


PartnerStack platform is SOC 2 Type 2 compliant against security, confidentiality, availability, processing integrity, and privacy.

For a copy of the SOC 2 Type 2 report, please submit a request to Our Data Room and inform your account manager.

Data encryption in-transit and at-rest

PartnerStack enforces TLS1.2 and above for data in transit between its users and the platform.

PartnerStack production data is encrypted at rest using AES-256 encryption.


PartnerStack supports the industry standard SAML 2.0 protocol for authentication using an external identity provider.

Confidentiality and Monitoring

PartnerStack enforces principles of least privilege and enforces access to data on a need to know and operate basis.

PartnerStack has established extensive audit and monitoring controls to help ensure auditability of access functions performed internally and externally.

PartnerStack platform enforces granular role-based access control for its users.

Network Protections

PartnerStack has implemented private networking, firewalls, and segmentation controls through its suppliers to ensure alignment with best practices on its network infrastructure.

Penetration Testing

PartnerStack performs targeted and general penetration testing on its platform on at least an annual basis.

Vulnerability Management

PartnerStack performs real-time static code analysis for core application code as part of the deployment process.

PartnerStack performs container vulnerability scanning as part of its deployment process.

PartnerStack has established a vulnerability management process that addresses risks in the following target SLA:

Zero Day / Critical: 7 days

High: 30 days

Medium: 90 days

Low/Info: 180 days+ (dependent on overall risk assessment)

Supplier Risk Management

PartnerStack has implemented a comprehensive supplier risk management policies and procedures to ensure protection of assets and data that are accessible by its suppliers and to establish standards for information security, privacy, and service delivery from its suppliers.

Human Resources Security

PartnerStack conducts background checks for all applicants selected for full-time employment.

PartnerStack employees and related entities are subject to continuous security awareness training with a minimum annual cadence.

Business Continuity and Availability

PartnerStack has documented and implemented a business continuity and disaster recovery plan that may be activated in case defined disruptions.

PartnerStack enforces automated daily backups for its databases on multiple zones.

PartnerStack tests its business continuity and disaster recovery scenarios at least annually.

Reliability and Capacity Monitoring

PartnerStack has a comprehensive monitoring system that helps to ensure the reliability of the platform and its related components.

Bug Bounty and Vulnerability Reports

PartnerStack does not currently have a formal bug bounty program but we encourage all researchers to submit identified vulnerabilities with a summary and a proof of concept (POC) to and our team will respond as soon as possible.