Skip to main content
Our SOC 2 Type II certification means you can trust Quo with your business data. An independent auditor has verified that our security controls are designed correctly and operate reliably over time. This certification confirms that we maintain the policies, technical safeguards, and operational procedures required to meet industry-recognized security standards.

​
What is SOC 2?

SOC 2 (System and Organization Controls 2) is a security and privacy framework created by the American Institute of CPAs (AICPA). It outlines how service providers should manage customer data and is based on five trust service criteria:
  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy
A SOC 2 Type II report verifies that a company’s security controls are documented, consistently followed, and withstand real-world security demands over a specific period of time. This is the gold standard for SaaS companies that handle sensitive business data.

​
What does Quo’s SOC 2 certification include?

Quo completed a SOC 2 Type II audit with Insight Assurance, an independent third-party auditor. Their evaluation confirmed that our systems, policies, and processes operated effectively throughout the audit period and met the necessary standards for securely managing customer data. To maintain this level of security beyond the audit window, we use Vanta to test and track key security controls, including:
  • Access management
  • Data encryption
  • Vendor risk
  • Logging and monitoring
  • Employee security training
  • Policy reviews and documentation
These controls are supported by Quo’s security infrastructure, which encrypts data in transit using TLS 1.2+ and at rest using AES-256 encryption. We also host our systems on AWS and Google Cloud Platform, adding another layer of enterprise-grade security. This approach helps us catch risks early and keep our safeguards strong between audit cycles.
Want to learn more? Get a bird’s-eye view of security and compliance at Quo.

​
How to request Quo’s SOC 2 report

Because SOC 2 reports contain sensitive information about our internal security controls, they aren’t publicly available. Current or prospective customers can request a copy as part of their vendor due diligence process. To request a copy:
  • Email [email protected] with the subject line: SOC 2 Report Request
  • Include your name, company, role, and the reason for your request
  • A member of our team will proceed with the MNDA and SOC2 report, or request any additional details
We review each SOC 2 request individually to ensure you get the right documents.If your security team needs vendor questionnaires, proof of compliance, or anything beyond the SOC 2 report, mention those requirements in your initial email and we’ll bundle everything together.

​
Do customers need to configure anything for SOC 2?

No. SOC 2 certification reflects Quo’s internal security controls and does not require you to change anything in your Quo account or settings. We maintain our security controls continuously, so nothing is required on your end to stay aligned with our SOC 2 practices.