Security

SOC 2 Certificate

Last updated: June 4, 2026

Placeholder page. This describes our SOC 2 program and how to request the report. Do not publish a SOC 2 Type II claim until an independent audit is complete and the report is issued. Verify all statements with your auditor and counsel before launch.

1.What SOC 2 Type II means

SOC 2 is an independent examination of a service organization's controls relevant to security, availability, processing integrity, confidentiality, and privacy. A Type II report evaluates how those controls operate over a period of time (not just at a single point), and is performed by a licensed CPA firm.

SOC 2 TYPE II AES-256 AT REST TLS 1.3 IN TRANSIT ZERO DATA TRAINING LEAST-PRIVILEGE ACCESS

2.Scope of our program

Encryption of data at rest and in transit.
Access controls, authentication, and audit logging.
Change management and secure software development.
Vendor risk management and incident response.
Continuous monitoring of security controls.

3.How to request the report

The full SOC 2 report contains confidential information and is shared under a non-disclosure agreement (NDA). Enterprise customers, partners, and prospects can request it by emailing security@visasherpa.ai. We will provide the current report after an NDA is in place.

4.Related

See our Trust & Safety overview and Privacy Policy for more on how we protect your data.