Trust Center
Welcome to Ghostable’s Trust Center. Security and privacy are built into how we operate, not bolted on. Use this page to understand our security posture and reach out if you need supporting documentation.
Ghostable is aligning with the SOC 2 Trust Services Criteria for Security, Availability, and Confidentiality. We are not yet audited or certified.
SOC 2 Status
- Type II in progress.
- Target coverage period: Q1 2026 (dates TBD).
- Auditor selection: in progress.
- Policies and control documentation maintained internally.
- Evidence collection underway on a quarterly cadence.
Scope
- Systems: Ghostable web app, API, CLI, admin dashboard, and core infrastructure services used to operate the platform.
- Trust Services Criteria: Security, Availability, Confidentiality.
Controls summary
- Access control with least privilege and periodic access reviews.
- Audit logging for sensitive and administrative actions.
- Change management with source control and CI checks.
- Vulnerability management with dependency monitoring.
- Incident response procedures with tabletop exercises.
- Vendor management for critical third-party services.
Zero-Knowledge Architecture
Encryption and decryption happen locally in the CLI. Only ciphertext and non-sensitive metadata are stored. This changes how certain controls are implemented, but not the security objectives they serve.
Roadmap
We plan to complete a SOC 2 Type II audit after the coverage period and will share updates once a report is available.
Audit status: No third-party SOC 2 report has been issued.
Questions? Contact support at support@ghostable.dev.