Security at Variance

    Variance is committed to protecting our customers and their data. Security is foundational to our platform and is tested by a team of security experts.

    SOC 2 Type II

    Variance maintains SOC 2 Type II compliance, independently audited annually. Our controls cover security, availability, and confidentiality.

    Encryption

    All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Encryption keys are managed through a dedicated key management service.

    Access Controls

    Role-based access controls, multi-factor authentication, and audit logging ensure only authorized personnel access your data.

    Data Processing

    Customer data is processed in isolated environments. We maintain strict data segregation and do not commingle customer data.

    Infrastructure

    Hosted on enterprise-grade cloud infrastructure with high availability, automated backups, and disaster recovery capabilities.

    Compliance

    We support GDPR, CCPA, and other global privacy frameworks. Data Processing Agreements are available for all enterprise customers.

    Responsible AI

    Variance AI systems are designed with transparency, auditability, and fairness at their core. Every automated decision includes a complete evidence trail with cited sources and step-by-step reasoning. Our models are regularly tested for bias and accuracy.

    Incident Response

    We maintain a comprehensive incident response plan with defined escalation procedures, communication protocols, and post-incident review processes. Customers are notified promptly of any security events that may affect their data.

    Questions about security?

    Our team is happy to discuss our security practices and provide additional documentation.

    Get in touch