TwoPlus
Product
Solutions
Resources
Pricing
Log inStart Free
Trust center

Security isn't a
checkbox. It's the
whole foundation.

TwoPlus lives in the middle of your stack. We take that responsibility seriously, with real certifications, honest documentation, and a security team you can email.

SOC 2
Type II
Certified
Mar 2026
ISO 27001
2022
Certified
Feb 2026
GDPR
Article 28
Compliant
Active
HIPAA
BAA on request
Available
Enterprise
CCPA
California
Compliant
Active
PCI-DSS
via Stripe
Delegated
Active
Our posture

Six pillars we hold ourselves to.

01
Data isolation
Every customer gets a dedicated logical tenant. Agent context, memory, and logs never cross tenants. Enterprise plans can opt into dedicated compute and encryption keys.
02
Encryption
AES-256 at rest, TLS 1.3 in transit. Keys rotated every 90 days. Bring-your-own-KMS available on Enterprise (AWS KMS, GCP KMS, Azure Key Vault).
03
Access control
SSO via SAML 2.0 / OIDC on Pro+. SCIM provisioning. Role-based permissions down to the agent level. Session tokens rotate every 15 minutes.
04
Audit logs
Every action, human or agent, is logged with actor, target, payload hash, and timestamp. Stream to your SIEM (Datadog, Splunk, Panther) or export via API.
05
Responsible AI
Agents can’t access data outside their explicit scopes. Output policies can block classes of action (send email, transfer funds, delete repo) without explicit human sign-off.
06
Incident response
Security incidents reported to customers within 24 hours. Postmortems published within 5 business days. On-call rotation: 24/7/365.
Data flow

Where your data lives, and where it doesn't.

01
Your tools
GitHub, Linear, Slack, etc. Agents read with scoped tokens you control.
02
TwoPlus tenant
Encrypted at rest. Region-pinned (US, EU, APAC). SSO + SCIM.
03
Model providers
Anthropic, OpenAI, Gemini. Never trained on your data. Zero-retention mode on Enterprise.
04
Audit log
Every read, write, and tool call. Streamable to your SIEM.
Need the full security pack?
DPAs, pen-test results, SOC 2 report, architecture diagrams. Available under NDA, your account team can share the link.