NEW AI & agent attack-surface fingerprinting is live

Trust & Security

How Resensor secures your data, who we rely on to run the platform, and exactly where we stand on compliance. We are a security company, so we hold ourselves to the standard we measure others against.

Resensor is an external attack surface management platform. You trust us with a map of your most sensitive infrastructure, so this page lays out, in plain terms, how we protect it. For the binding legal detail, see our Privacy Policy and Terms of Service.

Compliance status

We believe in honest signals, so here is exactly where we stand today, with no badge we have not earned.

FrameworkStatus
Certified infrastructure In place
Resensor is built and hosted entirely on SOC 2 Type II and ISO 27001 certified providers. See Infrastructure and subprocessors below.
GDPR (EU / UK) Compliant
Self-assessed. We act as a processor for customer data, support data-subject requests, and rely on Standard Contractual Clauses for international transfers. A Data Processing Addendum (DPA) is available on request.
CCPA / CPRA (California) Compliant
Self-assessed. We do not sell personal data and honor consumer privacy rights.
SOC 2 Type II On our roadmap
We design and operate to SOC 2 controls today, and we will pursue formal attestation as we scale. Need our security posture for a deal in flight? Email security@resensor.io and we will share detail under NDA.

How we protect your data

Infrastructure and subprocessors

We run on a small, deliberate set of vendors, each carrying its own independent security certifications. They process data on our behalf under written agreements and may not use it for their own purposes.

ProviderPurposeCertifications
CloudflareMarketing hosting, CDN, DNS, DDoS protectionSOC 2 Type II, ISO 27001, PCI DSS
DigitalOceanApplication hosting and databaseSOC 2 Type II, ISO 27001, PCI DSS
StripePayment processing and subscription billingPCI DSS Level 1, SOC 2
Transactional email providerSign-in links, billing receipts, alert deliveryEncrypted in transit (TLS)

For the current, authoritative subprocessor list and our data-transfer safeguards, see the Privacy Policy.

Compliance, built into the product

Compliance is also something Resensor does for you. Every finding the platform reports is tagged with the controls it maps to across SOC 2, ISO 27001:2022 Annex A, and PCI DSS v4.0, so you can turn external attack surface findings into audit evidence without re-keying anything.

Reporting a vulnerability

Found a security issue in Resensor? We want to hear about it. Email security@resensor.io with enough detail to reproduce the issue. We will acknowledge your report and keep you updated, and we will not pursue action against good-faith research that respects user data and avoids privacy violations, service disruption, and data destruction.

Data handling

You stay in control of your data. You can export or delete it from within the Service: removing a target deletes its scans, findings, and assets, and deleting your organization removes its data on a defined schedule. Full detail on retention, international transfers, and your rights lives in the Privacy Policy.

Working through a security or procurement review? We are happy to walk through our architecture, complete a security questionnaire, or share more detail under NDA. Email security@resensor.io.