Aegis Data
Trust Center
Security you can verify, not just trust. Review our certifications, request our compliance reports, and verify the subprocessors that handle data on our behalf — all in one place.
Content last reviewed 17 May 2026
Security overview
Aegis Data runs a defence-in-depth security program for the data infrastructure thousands of teams rely on. Our controls are independently audited every year against SOC 2 Type II and ISO 27001, and we publish the evidence here so prospective and current customers can verify it for themselves. Production data is encrypted in transit and at rest, access follows least privilege with mandatory MFA, and every privileged action is logged and reviewed. This Trust Center is the single place to review our certifications, request our reports, and see which subprocessors handle data on our behalf.
Encryption
TLS 1.2+ in transit, AES-256 at rest, with managed key rotation.
Access control
Least privilege, mandatory MFA, quarterly access reviews.
Monitoring
Centralised logging and continuous infrastructure monitoring.
Incident response
Documented plan with severity levels and customer notification.
Document library
Public documents download immediately. Gated documents require an account and an approved access request.
ISO/IEC 27001:2022 Certificate
Certification
Current ISO/IEC 27001:2022 certificate of registration for the Aegis Data information security management system, including the Statement of Applicability scope summary.
Cloud Security Alliance CAIQ
Report
Completed Consensus Assessments Initiative Questionnaire (CAIQ v4) mapping Aegis Data controls to the CSA Cloud Controls Matrix.
Penetration Test Summary (Q1 2026)
Report
Executive summary of the most recent third-party penetration test of the Aegis Data production environment, including methodology, severity breakdown and remediation status. Full technical findings available on request.
SOC 2 Type II Report (2026)
Report
Independent SOC 2 Type II examination covering the Security, Availability and Confidentiality trust services criteria for the twelve months ending March 2026. Issued by an AICPA-accredited auditor.
Business Continuity & DR Plan Summary
Policy
Executive summary of the Aegis Data business continuity and disaster recovery program, including RTO and RPO targets and the most recent failover test result.
Information Security Policy Summary
Policy
Public summary of the Aegis Data Information Security Policy — the governing document for every security control referenced in this Trust Center.
Security Whitepaper
Policy
A plain-language overview of the Aegis Data security program: infrastructure, encryption, access control, monitoring, incident response and the secure development lifecycle. No login required.
Data Processing Agreement (DPA)
Agreement
Standard Data Processing Agreement governing how Aegis Data processes customer personal data, including the EU Standard Contractual Clauses and the list of authorised subprocessors.
Subprocessor List
Agreement
The current list of third-party subprocessors that may process customer data, with purpose and processing location for each. Updated whenever the list changes.
Subprocessors
The third parties that may process customer data on behalf of Aegis Data.
| Subprocessor | Purpose | Location |
|---|---|---|
| Amazon Web Services | Primary cloud infrastructure and object storage | United States / Ireland |
| Cloudflare | CDN, DNS and DDoS protection | United States |
| Datadog | Infrastructure monitoring and log analytics | United States |
| Stripe | Subscription billing and payment processing | United States |
| SendGrid | Transactional email delivery | United States |
| Zendesk | Customer support ticketing | United States / Germany |
Security FAQ
Common questions from security and procurement teams.
Yes. Aegis Data completes an annual SOC 2 Type II examination covering the Security, Availability and Confidentiality criteria. The current report is available from this Trust Center after a short access request.
All customer data is encrypted in transit with TLS 1.2 or higher, and at rest with AES-256. Encryption keys are managed in a dedicated key management service with strict access controls and rotation.
Production access follows least privilege. Every account requires multi-factor authentication, access is granted just-in-time and reviewed quarterly, and all privileged actions are logged to an immutable audit trail.
Customer data is hosted in audited AWS regions. Customers on the EU plan have their data processed and stored within the EU. The full list of subprocessors and processing locations is published in the Subprocessor List.
A summary of the most recent third-party penetration test is available in the document library. Request access with the account you registered and an administrator will review it, usually within one business day.
Aegis Data maintains a documented incident response plan with defined severity levels, on-call rotation and customer notification commitments. Security incidents affecting customer data are communicated without undue delay.
Yes. Our standard Data Processing Agreement, including the EU Standard Contractual Clauses, is available in this Trust Center and can be countersigned as part of onboarding.
Documents are updated whenever a new audit completes or a policy changes. The Last reviewed date at the foot of the page reflects the most recent review of the published content.
Still have a security question?
Reach the Aegis Data security team directly, or create an account to request the specific document you need.