Livescraper
Sign inGet Started
Home  ·  Trust Center
Trust & security

Every document
your security team needs.

SOC 2 Type II reports, DPA, sub-processor list, SLA, pen-test summary, security white paper. All in one place. Most are downloadable instantly; a few need a signed NDA — request and we send within 24 hours.

SOC 2 Type II GDPR aligned CCPA compliant HIPAA-eligible BAA ISO 27001 (in audit)
Documents

Browse & download.

Compliance · NDA required

SOC 2 Type II Report

Most recent audit: 18 March 2026 · auditor: A-LIGN. Covers Security, Availability, Confidentiality. 12-month observation window.

Compliance · public

Data Processing Agreement (DPA)

GDPR-compliant DPA template, pre-signed by Livescraper. Counter-sign and email to dpo@livescraper.com.

Download PDF
Privacy · public

Sub-processor list

Every third-party that processes data on our behalf — AWS, Stripe, Postmark, Cloudflare, Sentry. Updated within 30 days of any change.

View list
Operations · public

Service Level Agreement (SLA)

99.95% uptime guarantee · 4-hour response on Severity 1 · service credits for missed SLA. Effective for paid accounts above 1,000 credits/month.

Download PDF
Security · NDA required

Penetration test summary

Q1 2026 pen test: NCC Group. 0 critical, 0 high, 2 medium (both fixed within 14 days). Full report under NDA.

Reference · public

Security white paper (16 pages)

Full architecture overview · encryption at rest & in transit · access controls · incident response process · vendor management.

Download PDF
Compliance · public

BAA (HIPAA Business Associate Agreement)

For health-sector customers handling PHI. Available on request — we sign as Business Associate, with PHI handling controls layered on top.

Reference · public

Vulnerability disclosure policy

Found a security issue? Email security@livescraper.com with reproduction steps. We acknowledge within 24h; triage in 72h.

Read policy
Operations · public

Incident response plan

What happens when something goes wrong: detection · containment · communication · post-mortem. 1-hour disclosure SLA to affected customers.

Download PDF
Quick facts

Numbers your auditor will ask.

SOC 2 Type IIAnnual since 2023 · A-LIGN auditor · 12-month window
EU + US data residencyPick at signup: AWS us-east-1 or eu-central-1
EncryptionAES-256 at rest · TLS 1.3 in transit · KMS-managed keys
BackupsDaily · encrypted · cross-region · quarterly restore drills
AccessSSO + WebAuthn for staff · just-in-time prod access · audited
Incident SLACustomer notice within 1h · regulator within 72h
Data retentionExports auto-purge after 30 days unless marked retain
Sub-processorsEvery one carries SOC 2 or equivalent · list updated 30 days before changes

Need something we don't have listed?

Most security questionnaires can be answered from these documents. For anything custom, email security@livescraper.com — we respond within one business day.

Talk to security