SOC 2 Type II
Queringo maintains a SOC 2 Type II attestation issued by an independent, accredited CPA firm. The report covers a full 12-month audit period and is renewed each year. SOC 2 Type II confirms that our controls were not only designed correctly (Type I) but operated effectively throughout the audit period (Type II).
Trust Service Criteria covered
| Criterion | What it covers |
|---|---|
| Security (CC) | Logical and physical access controls, change management, risk assessment, and continuous monitoring |
| Availability (A) | System uptime commitments, incident response procedures, and disaster recovery (Multi-AZ, RPO 5 min, RTO 1 hour) |
| Confidentiality (C) | Data classification, encryption at rest and in transit, NDA requirements for sub-processors, and data disposal |
Scope
The SOC 2 scope covers:
- Queringo API and query execution pipeline
- Data source connector layer and schema discovery pipeline
- Alert evaluation and notification delivery infrastructure
- Underlying AWS infrastructure: ECS Fargate (compute), RDS PostgreSQL (database), ElastiCache Redis (cache), KMS (key management), and CloudFront (CDN)
- Frontend application on Vercel (Security criteria only)
SOC 2 compliance and access to the full report are included on Scale and Enterprise plans. Growth customers may request a summary letter for vendor due-diligence purposes.
Requesting the report
To receive a copy of the SOC 2 Type II report, email security@queringo.com from your business email address with your company name and the purpose of the request. We will send a mutual NDA for countersignature and share the report within two business days of execution.
Scale and Enterprise customers with an active subscription receive automatic delivery of each new annual report after renewal.
Continuous compliance
In addition to the annual audit, we perform quarterly internal control reviews, continuous automated security scanning on every deployment, and annual penetration tests by an accredited third-party firm. Findings are tracked and remediated before the next audit window.