Canny is now SOC 2 type II compliant

· 2 min read
Canny is now SOC 2 type II compliant

If you’ve been following our journey, you know that we’re always improving Canny. You also might’ve heard that we’re adapting Canny to serve larger organizations better

But we didn’t just take what we have and decide to sell it to a whole new market. We’re making sure that Canny delivers what that market is looking for.

We know that enterprises are looking for an easy-to-use and secure feedback tool. That’s why we decided to get a System and Organization Controls (SOC) 2 Type II audit.

It’s a rigorous auditing procedure from the American Institute of CPAs (AICPA) that checks our security policies, procedures, and controls. It also specifies how organizations should manage customer data. This protects our interests and your privacy

We’ve been SOC 2 Type I compliant since 2019. This meant that our security procedures were SOC 2 compliant at a point when the audit was performed.

We’ve now decided to take it one step further. SOC 2 Type II, the next audit stage, shows that a company is compliant for 90 days.

Canny completed a thorough SOC 2 Type II compliance audit administered by our independent auditor Sensiba San Filippo

We documented all our processes and data management infrastructure. We also developed a progressive approach to data access permissions. Drata, our independent security and compliance partners, reviewed our security procedures and helped us through this process.

As a result, our SOC 2 Type II audit came back clean, showing our compliance with the SOC 2 security standard. 

And we’re not stopping there – we’re continually auditing and improving our security. We are committed to getting a new SOC 2 Type II report annually.


  • To give our clients peace of mind (including our Free plan users!)
  • To make it easier for new companies to partner with us
  • To better serve the enterprise market

Everyone’s heard of at least one major security breach from a well-known company. That’s why security is so crucial. The last thing we want is to compromise any data, especially our customers’ data (and their users’ data).

We strive to be the very best version of Canny possible! We’re now working on:

  • Expanding our SOC 2 Type II security compliance to all five standards – security, availability, processing integrity, confidentiality, and privacy
  • Getting ISO 27001 compliance

Stay tuned for our future updates – subscribe to our blog.

Maria Vasserman

Maria loves all things creative – writing, photography, movies and beyond 🎥 When she's not creating content to tell the world about Canny, she's either photographing a wedding, jumping at a rock concert, camping, travelling, snowboarding, or walking her dog 🐕‍🦺

All Posts - Website · Twitter - Facebook - LinkedIn

Canny is a user feedback tool. We help software companies track feedback to build better products.
Notify of
Inline Feedbacks
View all comments
© Canny 2023
Privacy · Terms · Security