Privacy Policy

Last updated: January 25, 2025

Zero PDF Retention

SOC 2 reports are deleted immediately after analysis

90-Day Metadata

Analysis results stored for 90 days only

No Disk Storage

Reports processed in-memory only

Overview

The SOC 2 Quality Checker ("Service") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and how we protect it. Our core principle is simple: we never store your SOC 2 reports.

Data We Collect

Analysis Metadata (Retained for 90 days)

  • Analysis timestamp
  • Overall quality score and grade
  • Category scores (without specific report content)
  • Report metadata (page count, control count)
  • Rubric version used
  • Processing mode (Private or Full)

API Usage Data (Retained for 90 days)

  • API key identifier (hashed)
  • Request timestamps
  • Request count and rate limiting data
  • Error logs (without report content)

Website Analytics

  • Page views and feature usage
  • Browser type and device information
  • Referral sources

Data We Do NOT Collect

We NEVER Store or Retain:
  • Your actual SOC 2 PDF files
  • Report content, text, or excerpts
  • Vendor names or identifying information from reports
  • Control descriptions or test procedures
  • Any confidential or proprietary information

How We Handle Your Reports

Private Mode

In Private Mode, your SOC 2 report is processed entirely in your browser. The file never leaves your device. We receive only the final analysis scores—no report content is transmitted to our servers.

Full Analysis Mode & API

  1. Upload: Your PDF is transmitted over a TLS 1.3 encrypted connection
  2. Processing: The file is parsed in server memory (RAM only)
  3. Analysis: Quality evaluation is performed against the rubric
  4. Response: Results are returned to you
  5. Deletion: The PDF is immediately purged from memory (typically within 60 seconds of upload)

Important: No part of your report is ever written to disk or persistent storage.

Third-Party Services

We use the following third-party services:

  • Anthropic Claude API: For AI-powered analysis in Full Analysis mode. Report content is sent to Claude for analysis and is subject to Anthropic's Privacy Policy. Anthropic does not retain prompts or outputs for API customers.
  • Vercel: Hosting and infrastructure. Subject to Vercel's Privacy Policy.
  • Analytics: We use privacy-focused analytics that do not track individual users.

Your Rights

You have the right to:

  • Request deletion of your analysis metadata before the end of the 90-day retention period
  • Export your analysis history (API users)
  • Request information about what data we hold
  • Opt out of analytics tracking

To exercise these rights, contact us at privacy@soc2quality.com.

Data Security

  • All data in transit is encrypted using TLS 1.3
  • API keys are stored using industry-standard hashing
  • Access to systems is restricted and logged
  • We maintain SOC 2 Type 2 compliance for our own infrastructure

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of material changes by posting a notice on our website. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

Privacy Questions?

privacy@soc2quality.com