SOC 2 Type II
Current (latest report November 2025). Covers security, availability, and confidentiality trust criteria. Report available under NDA.
Loading...
Certifications
AI infrastructure
Technical + organisational measures
Sub-processor list
| Processor | Purpose | Region | Attestation |
|---|---|---|---|
Supabase Database + file storage | Primary Postgres + Row-Level Security + pgvector + encrypted backups | EU (Frankfurt) | SOC 2 Type II · ISO 27001 |
Vercel Application hosting + edge | Next.js app hosting, edge functions, CDN | EU (Frankfurt + Paris) | SOC 2 Type II · ISO 27001 |
Hetzner Backend workers + job queue | pg-boss queue, AI processing, heavy background jobs | EU (Falkenstein, DE) | ISO 27001 |
Cloudflare R2 Video + static assets | Course video, branded assets, CDN with zero egress fees | EU (FRA / AMS) | SOC 2 Type II · ISO 27001 · PCI DSS |
Anthropic AI model provider (Claude API) | AI assistants, generation endpoints (anonymised payloads only) | EU (via SCC 2021/914). USA backend | SOC 2 Type II |
Resend Transactional email | Invitation emails, renewal reminders, compliance digests | EU (selected) | SOC 2 Type II |
CM.com SMS gateway (primary) | SMS tokenised learning delivery + STOP keyword handling | EU (Netherlands) | ISO 27001 · ISO 9001 |
Twilio SMS gateway (global fallback) | SMS delivery where CM.com coverage is absent | EU (Ireland) | SOC 2 Type II · ISO 27001 · PCI DSS |
Sentry Error tracking | Application error + performance monitoring (PII stripped in beforeSend) | EU | SOC 2 Type II · ISO 27001 |
Upstash Redis (rate limits + cache) | Sliding-window rate limiting, short-TTL cache | EU | SOC 2 Type II |
Responsible disclosure
Request documents
Email security@colport.io, procurement-grade replies within 1 business day.
Request a demo