Back to list


Elven is SOC2 Certified

We are happy to announce that we have officially received our SOC 2 Type 1 certification this week!

A certified independent auditor, Insight Assurance (the same SOC auditor of OpenAI), conducted the detailed examination. Through this process, Elven demonstrated its adherence to data security, availability and confidentiality standards developed by the American Institute of Certified Public Accountants (AICPA).

What is SOC 2?

SOC 2, or Service Organization Control 2, is a framework for managing and securing data, particularly for technology and cloud computing organizations. It was developed by the American Institute of CPAs (AICPA) and is specifically designed for service providers storing customer data in the cloud.

Some key aspects of SOC 2:

  1. Security and Data Protection:
    SaaS companies often handle sensitive customer data. SOC 2 focuses on the security of this data, ensuring that proper measures are in place to protect against unauthorized access, data breaches, and other security threats.
  2. Trust and Confidence:
    Achieving SOC 2 compliance demonstrates to customers that the company takes data security seriously. This can enhance trust and confidence among clients and prospects, especially in industries where data security and privacy are paramount.
  3. Compliance Standards:
    SOC 2 is recognized globally as a standard for managing and securing sensitive information. Adhering to SOC 2 compliance demonstrates that the company is committed to meeting industry-accepted standards for security and privacy.
  4. Operational Excellence:
    SOC 2 compliance involves establishing and maintaining effective operational policies and procedures. This not only enhances security but also contributes to overall operational excellence within the organization.
  5. Risk Management:
    SOC 2 requires organizations to identify and manage risks to the security and confidentiality of information. This proactive approach to risk management helps companies identify potential threats and implement measures to mitigate them.
  6. Legal and Regulatory Requirements:
    Compliance with SOC 2 often aligns with legal and regulatory requirements related to data protection. This is especially important as data privacy laws and regulations continue to evolve globally.

What do these certifications mean for Elven customers?

Elven works with clients' sensitive data: account information, transaction records and even financial reports. They need to know that we’ll keep their data secure because it's one of their most important assets. The SOC2 certification is evidence that we take their data security as our first priority.

After successfully concluding the SOC 2 Type 1 audit, our company is now actively engaged in advancing towards the SOC 2 Type 2 and SOC1 Type 2 audit, demonstrating our continued commitment to prioritizing security. We anticipate obtaining our SOC 2 Type 2 and SOC1 Type 2 certification by the end of the first quarter in 2024.

If you want to have the complete report or have any questions regarding our security or platform, please feel free to contact us at