Our own posture

A compliance company without its own compliance is a punchline.

Here's exactly where we are. Updated as our own status changes — the same way your Trust Center will work.

  • GDPR compliance
    Active

    EU-incorporated, EU data residency, DPA on request.

  • SOC 2 Type I
    In progress — report Q3

    Auditor engaged, observation period started.

  • SOC 2 Type II
    In observation
  • ISO 27001
    Planned 2027

    Once SOC 2 is shipped.

  • Encryption at rest
    AES-256 (Supabase managed keys)
  • Encryption in transit
    TLS 1.3 only
  • Data residency
    EU (Frankfurt)
  • MFA enforcement
    Required for all Veylan staff
  • Penetration testing
    Annual (next: Q4 2026)
  • Backup + DR
    Hourly backups, RPO 1h, RTO 4h

Want the long version? Email security@veylan.com for our security questionnaire response or a copy of the SOC 2 report when it's available.
