Security

Security that stands up to your procurement team.

SOC 2 Type II audited. ISO 27001 certified. Every flagship app is Atlassian Cloud Fortified. Data stays in the EU.

Visit the Trust Center →Request a SOC 2 report →
Evidence available via our Trust CenterEU data residency · GDPR-compliantNDA-gated reports available on request
SOC 2ISO 27001GDPRCF

Frameworks

Certified, audited, and continuously monitored.

We maintain four compliance frameworks on active audit cycles. Evidence is live on our Trust Center — browse it any time, or request reports for vendor due diligence.

SOC 2 Type II badge

SOC 2 Type II

View evidence →

Independent audit of security, availability, and confidentiality controls — covering people, processes, and systems. Renewed annually.

ISO 27001 badge

ISO 27001

View evidence →

Internationally recognised Information Security Management System (ISMS) certification. Continuously maintained; surveillance audits every year.

Atlassian Cloud Fortified badge

Atlassian Cloud Fortified

View evidence →

Atlassian’s top-tier app security programme. Every flagship view26 app is Cloud Fortified — enterprise-grade security, reliability, and support.

GDPR

GDPR

View evidence →

EU General Data Protection Regulation. EU-headquartered (Duisburg, Germany). Data stays in the EU; DPA on request; subject-access workflows documented.

What we protect

Four layers of defence.

Every layer is documented, audited, and continuously monitored — not just written on a policy document.

01

Infrastructure security

AES-256 encryption at rest, TLS 1.2+ in transit, least-privilege access across production systems. Continuous monitoring of cloud posture.

02

Organisational security

Background checks on hire, mandatory security training, documented role-based access, quarterly access reviews, MFA on every system.

03

Product security

Secure SDLC, peer code review, automated dependency scanning, annual third-party penetration testing, responsible disclosure programme.

04

Incident response

Documented IR plan with on-call rotation, customer notification SLAs, post-mortems, and annual tabletop exercises. 24/7 response for P1 incidents.

All production data stored and processed in the EU — AWS Frankfurt, with a DPA on request and subject-access workflows documented.

Subprocessors

Who we rely on.

A handful of vendors handle parts of the view26 platform. The full list — including subprocessor updates and customer notification history — lives on the Trust Center.

Full subprocessor list →
VendorRegion
AtlassianAWS · EU
Amazon Web Serviceseu-central-1 (Frankfurt)
CloudflareGlobal edge

Live evidence

Every control. Every audit. One place.

The view26 Trust Center shows the live status of every security control, audit reports, policies, and subprocessor updates. NDA-gated documents are available on request with one click.

Open Trust Center →

Security question that needs a human answer?

Responsible disclosure, vulnerability reports, vendor DD questionnaires — email security@view26.com or use the form below.

security@view26.com →Open contact form →