Security & Privacy

Enterprise-grade security for your marketplace data.

SOC 2 Type II certified, GDPR-compliant, TLS 1.3 and AES-256 encryption everywhere. The same security posture trusted by Intel, Snowflake, and Fireblocks.

Compliance & certifications
SOC 2 Type II

Annual security audit certification

GDPR

EU data protection compliance

How we protect your data

Our security principles

Encryption everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your sensitive information is always protected.

Zero-trust architecture

Every request is authenticated and authorized. We follow the principle of least privilege across our entire infrastructure.

Secure infrastructure

Hosted on enterprise-grade cloud infrastructure with multiple availability zones, automated backups, and disaster recovery.

Regular audits

We undergo regular third-party security audits, penetration testing, and vulnerability assessments.

Enterprise controls

Built for enterprise security teams

Suger provides comprehensive security controls to meet the most demanding enterprise requirements — SSO, RBAC, audit logging, and IP allowlisting out of the box.

Single Sign-On (SSO) with SAML 2.0
Multi-factor authentication (MFA)
Role-based access control (RBAC)
Audit logging for all actions
IP allowlisting
Session management and timeout
API key rotation
Webhook signature verification
Responsible disclosure

Report a security vulnerability

We value the security community's help in keeping Suger and our customers safe. If you discover a vulnerability, please report it responsibly.

Our commitments

Acknowledge all reports within 48 hours
Keep reporters informed of remediation progress
No legal action against good-faith researchers
Coordinate on disclosure timelines

What we ask

Provide sufficient detail to reproduce the issue
Allow reasonable time before public disclosure
Avoid disrupting services or accessing others' data

FAQ

Security questions, answered

Is Suger SOC 2 compliant?

Yes. Suger is SOC 2 Type II certified, with annual third-party audits covering security, availability, and confidentiality. Our latest SOC 2 report is available to enterprise customers under NDA.

Is Suger GDPR compliant?

Yes. Suger complies with GDPR requirements for EU data protection, including lawful processing, data subject rights, and cross-border transfer safeguards. A Data Processing Agreement (DPA) is available for all customers.

How does Suger encrypt customer data?

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are managed through cloud provider KMS services with automatic rotation.

Where is Suger data hosted?

Suger is hosted on enterprise-grade cloud infrastructure (AWS) across multiple availability zones in the US, with automated backups and disaster recovery. EU data residency is available for enterprise customers.

Does Suger support SSO and MFA?

Yes. Suger supports SAML 2.0 single sign-on with providers like Okta, Azure AD, Google Workspace, and OneLogin. Multi-factor authentication (MFA) is available for all users.

How do I report a security vulnerability?

Email security@suger.io with details of the vulnerability. We acknowledge all reports within 48 hours and coordinate on remediation and disclosure timelines. See our responsible disclosure policy below.

Can I get Suger's security documentation?

Enterprise customers can request our SOC 2 Type II report, penetration test summary, and security questionnaire responses. Contact security@suger.io or schedule a call with your sales rep.

Have security questions?

Our security team is here to help. Request our SOC 2 report, DPA, or schedule a security review.