Hatchet is currently preparing for out SOC 2 Type 2 compliance audit. Our SOC 2 report is expected to be available to all customers on our Enterprise plan by Q3 2024.

All customer databases are continuously backed up to highly durable storage.

Hatchet requires industry-standard Transport Layer Security (versions 1.2+) encryption for all connections. All database services support client certificate verification modes. Critical internal traffic is protected by mutual TLS.

All data volumes, including backups, are encrypted at rest with unique keys specific to each service, and keys are automatically rotated at a regular cadence.

Hatchet regularly collaborates with external security audit firms to assess our security posture and intrusion detection capabilities. Our most recent penetration test is available by request.

Google and Github OAuth authentication is available to all customers. SSO/SAML authentication is available to customers on our Enterprise Plan.

Hatchet keeps the list of data subprocessors available upon request.

Software developed by Hatchet is constantly analyzed by static analysis security tools. Code is reviewed as changes are proposed and security design reviews take place as needed.

Hatchet runs all services on GCP data centers which have some of the highest levels of security and reliability available.

Engineering review for security best practices, making sure your Hatchet deployment is secure from unauthorized access, data breaches, and other security threats.

Credit card payments are processed through Stripe without storing personal credit card information. Corporate invoicing is also available to Enterprise Tier customers. Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.