From designed to proven: Indeemo completes SOC 2 Type II attestation

When we completed our SOC 2 Type 1 audit, we said that trust is earned continuously - not announced once. We also committed to moving straight into Type 2 monitoring.

We are now pleased to share that Indeemo has successfully completed a SOC 2 Type 2 audit, independently conducted by Sensiba.

Key Takeaways

  • Indeemo has successfully completed a SOC 2 Type 2 audit, independently audited by Sensiba
  • The audit resulted in a clean, unqualified opinion with no exceptions noted
  • Our controls were not only well designed - they were operating effectively over time
  • The audit covered the Trust Services Criteria for Security, Availability, and Confidentiality

What SOC 2 Type 2 means and why it matters

SOC 2 Type 2 goes beyond reviewing policies on paper. It independently verifies that security controls are:

  • properly designed

  • consistently followed

  • working effectively over time

For our customers, that means confidence that Indeemo’s security practices don’t just exist - they hold up in day-to-day operation.

What the result means

A clean opinion with no exceptions is the best possible outcome from a Type II audit.

0

Exceptions noted across the full audit period. No control failures. Controls consistently followed throughout — independent confirmation of high operational maturity.

What Indeemo’s result means for you

Achieving a clean opinion with no exceptions demonstrates that:

  • Your data is protected by controls that are consistently applied

  • Our security processes are mature, repeatable, and independently verified

  • We operate with a high level of discipline across engineering, security, and operations

Whether you are handling participant data, sensitive customer insights, or operating in a regulated environment, this provides third-party assurance that Indeemo can be trusted to manage and protect your data.

Security built into how we operate

Our approach to security is continuous, not point-in-time.

Continuous monitoring and evidence collection

help ensure controls are always functioning as expected.

AWS security infrastructure

provides a secure and resilient foundation

Cross-team operational discipline

ensures security is embedded across the organisation

How security works between Indeemo and our customers. Shared responsibility

Security is a shared responsibility between Indeemo and our customers.

Indeemo's Responsibility

  • Platform and infrastructure security
  • Encryption and data protection
  • Access control and monitoring
  • Incident response and resilience

Customer's Responsibility

  • Managing user access within their organisation
  • Enforcing strong authentication (e.g. MFA)
  • Maintaining credential security and user lifecycle management

Understanding that split helps set realistic expectations and makes the overall security posture stronger on both sides.

Accessing the report

A copy of our SOC 2 Type 2 report is available via our Trust Centre:
https://trust.indeemo.com

What comes next

SOC 2 is not a one-time milestone — it’s an ongoing commitment.

We will continue to maintain and strengthen our controls, with continuous monitoring and regular independent audits as Indeemo grows.

Our controls are not just designed. They are proven to work over time.

Aoife Looney