Security

How we protect your compliance data.

AuditBadger holds the records your audit depends on: controls, evidence, policies, risks, vendors, incidents, and audit history. Here is how that data is protected, stated plainly and without marketing gloss.

  • SOC 2 Type I
  • EU infrastructure
  • Encryption in transit and at rest

Platform security

The controls behind the workspace.

EU infrastructure

Primary infrastructure is hosted in the European Union, which keeps data residency simple for European customers and predictable for everyone else.

Encryption in transit

All traffic between your browser and AuditBadger is protected with TLS. The same applies to communication between internal services.

Encryption at rest

Application data and uploaded evidence are encrypted at rest by the underlying platform services.

Tenant isolation

Every customer workspace is separated by tenant boundaries enforced in the application and data model. Your evidence is never visible to another tenant.

Role-based access

Access is scoped by role and responsibility, so founders, operators, and auditors each see what they need and nothing more.

Audit logs

Significant workspace actions are recorded, so you can answer "who changed this and when" during reviews instead of reconstructing it from memory.

Our own compliance

We hold ourselves to the same standard we sell.

AuditBadger is SOC 2 Type I compliant, and we got there the same way our customers do: by running our own controls, evidence, policies, and risks inside AuditBadger. The product exists because we went through this process ourselves.

SOC 2 Type I

Our own controls have been examined by an independent auditor.

AuditBadger runs on AuditBadger

Our compliance program is managed in the same workspace we ship to customers.

Continuous program, not a one-off

Policies, reviews, and evidence stay maintained between audit windows — ours included.

AI processing

AI assistance stays under human review.

AuditBadger uses AI to draft policies, explain controls, and suggest evidence. It does not get to make compliance decisions on its own.

  • Human approval: every AI-assisted draft, mapping, and suggestion is reviewed and approved by your team before it becomes part of your program.
  • Configurable use: you decide how AI assistance is applied in sensitive workflows, including turning it down where you prefer manual work.
  • Accountability: compliance decisions remain attributable to named people in your workspace, not to automated output.

Access and operations

Built for the way small teams handle an audit.

Least-privilege access, evidence review workflows, and activity history are part of the product — so involving an auditor or an external reviewer doesn't mean handing over the keys.

  • Role-based access for everyone in the workspace
  • Evidence and document history for audit review
  • Operational records for risks, vendors, and incidents
  • Read-and-review access patterns for auditors

Vendor reviews

Running a security review on us?

We answer security questionnaires and share appropriate documentation during vendor review. Email us and you will talk to the people who actually run the infrastructure, not a ticket queue.

Vulnerability reports

Found something?

If you believe you have found a security issue in AuditBadger, report it to security@auditbadger.com. We read every report and respond to good-faith research.

Security questions before you commit?

Ask them before the audit does. We will walk through our security posture as part of any demo or vendor review.

security@auditbadger.com