Security Posture, Trust, and Privacy
This page summarizes our current security posture, based on internal documentation and operating controls.
Snapshot date: January 27, 2026
SOC 2 Status
SOC 2 readiness work is in progress. We are not presenting this as a current SOC 2 Type I or Type II attestation.
Identity and Access Controls
WorkOS AuthKit support, org-level RBAC, and enterprise admin/owner MFA policy are part of the access control baseline.
Audit Trail and Governance Evidence
Audit events are written to DynamoDB with TTL controls and can be forwarded to WorkOS audit logs for enterprise visibility.
Session and Abuse Protection
JWT lifetimes and login/reset/API key rate limits are runtime-configurable with documented defaults.
Network and Origin Controls
CORS allowlists and Socket.IO allowed-origins are configurable for production deployments.
Data Retention and Deletion Policy
The published policy defines default retention windows and timelines for handling deletion requests.
Incident Response and Risk Management
Documented incident response, vendor management, and risk assessment policies govern security operations.
Security Hardening and Testing
An internal security/pentest pass and runtime hardening updates are documented, including timeout, rate-limit, and auth posture work.
Outreach Safety Guardrails
Business-hour controls, pacing constraints, connection-gate checks, and human review controls are built into ABM execution flows.
Security Documentation Available
- Access Control Policy
- Data Retention and Deletion Policy
- Incident Response Plan
- Vendor Management Policy
- Risk Assessment
- Audit Trail Setup
- SOC 2 Readiness Audit
- Security / Pentest Pass Notes
DPA, SLA, and subprocessor details are available upon request.
Support: support@laserreach.com · Security: security@laserreach.com
