Trust Center
Knoq is actively building toward SOC 2 Type II. This page is the running status of our compliance program and how to request security artifacts under NDA.
Certifications and reports
SOC 2 Type I
In progress: Point-in-time attestation covering Security, Availability, and Confidentiality.
SOC 2 Type II
Planned: Six-month operational-effectiveness audit following Type I issuance.
ISO 27001:2022
Planned: Information Security Management System certification. Deferred until enterprise demand justifies the spend.
What we commit to
Availability SLO
99.9% monthly uptime for the production Knoq application and Platform Operations Console, measured by external probe.
Encryption
TLS 1.3 preferred, TLS 1.2 minimum with PFS-only ciphers. AES-256-GCM with pinned 16-byte auth tag for customer secrets at rest.
Audit trails
Append-only org and platform audit logs with database-level tamper prevention (revoked UPDATE/DELETE + detective trigger).
Penetration testing
Annual authenticated penetration test covering the web app, platform admin, Business-tier features, and MCP trust boundary.
Incident response
Documented severity matrix, notification clocks aligned with GDPR Art. 33 and applicable state laws, annual tabletop exercise.
Deletion
Crypto-shredding via per-tenant DEK discards makes backup copies unreadable without waiting for backup retention to expire.
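As an added illustration of the Encryption and Deletion commitments above (not Knoq's code; the `TenantVault` class, the KEK-wrapping scheme and the in-memory key store are assumptions), this Node.js example shows AES-256-GCM with the tag length pinned to 16 bytes, and how discarding a tenant's DEK leaves a retained ciphertext copy unreadable.

```javascript
// Added illustration, not Knoq's code; all names here are hypothetical.
const crypto = require('crypto');
const TAG_LEN = 16; // pinned GCM tag length in bytes

function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const c = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  c.setAAD(aad); // bind the ciphertext to its tenant id
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, box, aad) {
  // Explicit check: a truncated tag must never be accepted.
  if (box.tag.length !== TAG_LEN) throw new Error('bad tag length');
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv, { authTagLength: TAG_LEN });
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // final() throws on tamper
}

class TenantVault {
  // The wrapped-DEK map stands in for a key store kept outside data backups;
  // shredding only works if no other copy of the DEK survives.
  constructor(kek) { this.kek = kek; this.wrapped = new Map(); }
  provision(tenant) {
    this.wrapped.set(tenant, seal(this.kek, crypto.randomBytes(32), Buffer.from(tenant)));
  }
  unwrap(tenant) {
    const w = this.wrapped.get(tenant);
    if (!w) throw new Error('DEK discarded');
    return open(this.kek, w, Buffer.from(tenant));
  }
  encrypt(tenant, secret) { return seal(this.unwrap(tenant), Buffer.from(secret), Buffer.from(tenant)); }
  decrypt(tenant, box) { return open(this.unwrap(tenant), box, Buffer.from(tenant)).toString(); }
  shred(tenant) { this.wrapped.delete(tenant); } // discard the only copy of the DEK
}

function demo() {
  const vault = new TenantVault(crypto.randomBytes(32)); // constructed KEK
  vault.provision('tenant-a');
  const backup = vault.encrypt('tenant-a', 'api-key-123'); // constructed secret; stands in for a backup copy
  const before = vault.decrypt('tenant-a', backup);
  let shortTagRejected = false;
  try { vault.decrypt('tenant-a', { ...backup, tag: backup.tag.subarray(0, 8) }); }
  catch { shortTagRejected = true; }
  vault.shred('tenant-a');
  let afterShred = 'readable';
  try { vault.decrypt('tenant-a', backup); } catch (e) { afterShred = e.message; }
  return { before, shortTagRejected, afterShred };
}
```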
Supporting documents
Request reports under NDA
Enterprise prospects and customers can request current versions of Knoq's SOC 2 reports, penetration test summary, and subprocessor DPAs under mutual NDA. We typically respond within two business days.
Email security@knoq.one