Security

Security that stands up to your procurement team.

SOC 2 Type II audited. ISO 27001 certified. Every flagship app is Atlassian Cloud Fortified. Data stays in the EU.

Visit the Trust CenterRequest a SOC 2 report →
Live evidence from our Trust CenterEU data residency · GDPR-compliantNDA-gated reports available on request
Security and compliance illustration

Frameworks

Certified, audited, and continuously monitored.

We maintain four compliance frameworks on active audit cycles. Evidence is live on our Trust Center — browse it any time, or request reports for vendor due diligence.

SOC 2 Type II badge

SOC 2 Type II

View evidence →

Independent audit of security, availability, and confidentiality controls — covering people, processes, and systems. Renewed annually.

ISO 27001 badge

ISO 27001

View evidence →

Internationally recognised Information Security Management System (ISMS) certification. Continuously maintained; surveillance audits every year.

badge

View evidence →

Atlassian’s top-tier app security programme. Every flagship view26 app is Cloud Fortified — enterprise-grade security, reliability, and support.

GDPR

GDPR

View evidence →

EU General Data Protection Regulation. EU-headquartered (Duisburg, Germany). Data stays in the EU; DPA on request; subject-access workflows documented.

What we protect

Four layers of defence.

Every layer is documented, audited, and continuously monitored — not just written on a policy document.

01

Infrastructure security

AES-256 encryption at rest, TLS 1.2+ in transit, least-privilege access across production systems. Continuous monitoring of cloud posture.

02

Organisational security

Background checks on hire, mandatory security training, documented role-based access, quarterly access reviews, MFA on every system.

03

Product security

Secure SDLC, peer code review, automated dependency scanning, annual third-party penetration testing, responsible disclosure programme.

04

Incident response

Documented IR plan with on-call rotation, customer notification SLAs, post-mortems, and annual tabletop exercises. 24/7 response for P1 incidents.

All production data stored and processed in the EU — AWS Frankfurt, with a DPA on request and subject-access workflows documented.

Subprocessors

Who we rely on.

A handful of vendors handle parts of the view26 platform. The full list — including subprocessor updates and customer notification history — lives on the Trust Center.

Full subprocessor list →
VendorRegion
Amazon Web Services
Atlassian
Bitbucket
Confluence
Google Workspace
Jira
Slack
Vanta

Live evidence

Every control. Every audit. One place.

The view26 Trust Center shows the live status of every security control, audit reports, policies, and subprocessor updates. NDA-gated documents are available on request with one click.

Open Trust Center

Security question that needs a human answer?

Responsible disclosure, vulnerability reports, vendor DD questionnaires — email security@view26.com or use the form below.

security@view26.comOpen contact form