Release Logo

Security & Compliance

At Release, security and compliance are foundational to everything we build. We maintain rigorous security standards and industry certifications to ensure your data is protected.

SOC 2 Type 2 Certified

Release maintains SOC 2 Type 2 certification, independently audited annually by a qualified third-party firm. This certification validates our security controls across the Trust Service Criteria:

  • Security — Protection against unauthorized access
  • Availability — System accessibility as agreed upon
  • Processing Integrity — System processing is complete and accurate
  • Confidentiality — Information designated as confidential is protected
  • Privacy — Personal information is collected and used appropriately

Request our SOC 2 Report: Contact security@release.com to request a copy (NDA required).

GDPR Compliance

Release is committed to GDPR compliance for customers processing data of EU residents:

  • Data Processing Agreement — Standard DPA available for all customers (view DPA)
  • Standard Contractual Clauses — SCCs for international data transfers
  • Data Subject Rights — Full support for access, rectification, erasure, and portability requests
  • Subprocessor Transparency — Complete list of subprocessors with 30-day change notification (view list)

CCPA Compliance

For California residents, Release supports CCPA requirements:

  • Right to Know — Request information about data collected about you
  • Right to Delete — Request deletion of your personal information
  • Right to Opt-Out — We do not sell personal information to third parties
  • Non-Discrimination — Equal service regardless of privacy choices

To exercise your rights, contact support@release.com.

Security Controls

Release implements comprehensive security controls to protect your data:

Encryption

  • TLS 1.2+ for all data in transit
  • AES-256 encryption for data at rest
  • AWS KMS for secure key management

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) required
  • Principle of least privilege enforcement
  • Regular access reviews and audits

Monitoring

  • 24/7 infrastructure monitoring
  • Real-time alerting for security events
  • Comprehensive audit logging
  • Automated vulnerability scanning

Incident Response

  • Documented incident response procedures
  • 72-hour breach notification commitment
  • Regular incident response testing
  • Post-incident analysis and improvement

Vendor Security

Release maintains strict security requirements for all vendors and subprocessors:

  • Security Assessment — All vendors undergo security review before engagement
  • SOC 2 Requirement — Critical vendors must maintain SOC 2 or equivalent certification
  • Contractual Protections — Data processing agreements with all vendors handling customer data
  • Ongoing Monitoring — Regular review of vendor security posture and compliance

Documentation Available

The following security and compliance documentation is available upon request:

SOC 2 Type 2 Report

Complete audit report (NDA required)

Request

Security Whitepaper

Overview of security architecture and controls

Request

Penetration Test Summary

Summary of latest penetration test results (NDA required)

Request

Data Processing Agreement

GDPR-compliant DPA

View

Questions About Security & Compliance?

Our security team is available to answer questions and provide additional documentation for your security review process.

Contact us at security@release.com