Security
Your lists never leave the safe.
Email lists are sensitive. We treat them that way: SOC 2 audited, encrypted at rest and in flight, purged after 24 hours by default. Here's the full overview.
Certifications & compliance
SOC 2 Type II
Independently audited annually. Report available under NDA.
GDPR
Full compliance with EU data protection. DPA on request.
CCPA
California consumer rights honored across the platform.
ISO 27001 (in progress)
Audit underway — expected completion Q4 2026.
Operational controls
Encryption everywhere
AES-256 at rest. TLS 1.3 in transit. Keys rotated quarterly via KMS.
Minimal retention
Verification lists purged after 24 hours by default. Zero-retention available.
Access controls
SSO (SAML), role-based permissions, least-privilege engineering access, audit logs on admin actions.
Monitoring
24/7 alerting on anomalous traffic, failed logins, and API abuse. Sub-15-min incident response.
Audit logs
Every API request logged. Exportable on Business plans. Retained 90 days.
Vetted personnel
Background checks, signed NDAs, security training. Access reviewed quarterly.
Need our SOC 2 report or DPA?
Both available under NDA. Email security@killbounce.com with your company name.