SOC 2 compliance

More than 2,000 software sellers trust Paddle with their data. We are fully committed to data privacy and security, and have successfully completed Service Organization Control (SOC) 2 Type 1 audit.

The scope of our SOC 2 Type 1 Report includes:

• Scope: Revenue Delivery Platform Services System as of July 15, 2021
• Selected SOC 2 Criteria: Security, availability and confidentiality
• Examination Type: SOC 2 Type 1

What is SOC 2?

The AICPA Service Organization Control (SOC) is one of three reporting standards developed by AICPA and used by service organisations to report on their documented operational and information security policies and procedures.

What is a SOC 2 report?

A SOC 2 audit report provides detailed information and assurance about an organisation’s security, availability, processing integrity, confidentiality and privacy controls, based on their compliance with the American Institute of Certified Public Accountants (AICPA) trust services criteria.

How can I request a copy of Paddle’s SOC 2 Type 1 Report?

Paddle’s SOC 2 Type 1 report is available to our existing and prospective sellers who have signed a non-disclosure agreement. You can request a copy through one of the following methods:

• Contact us directly
• Email your Account Manager directly

When will Paddle be SOC 2 Type 2 certified?

Paddle has completed the Type 1 audit and intends to commence the Type 2 engagement at the beginning of February 2022. This will cover the audit period October 2021 to January 2022.