We’re pleased to announce that Grafbase has successfully achieved SOC 2 Type II compliance, an important milestone in our ongoing commitment to trust, security, and operational excellence.
This certification validates that our internal controls meet the rigorous standards defined by the American Institute of Certified Public Accountants (AICPA) across the Trust Services Criteria for Security, Availability, and Confidentiality. The audit was conducted with support from Vanta and covered not just our systems but also our processes, infrastructure, and operations over an extended period.
SOC 2 compliance goes beyond a point-in-time certification. It requires a sustained, organisation-wide approach to protecting data, operating securely, and managing systems reliably. For Grafbase customers, particularly those in regulated industries or enterprise environments, SOC 2 compliance offers an added layer of assurance that their APIs, data, and development workflows are protected against evolving security threats.
This achievement signals to our customers and partners that Grafbase doesn’t just move fast; we do so with intention and control. Secure by design, and built for scale.
Achieving SOC 2 Type II involved an in-depth review of Grafbase’s architecture, access management, change control, monitoring, incident response, and more. It required aligning our internal policies with the SOC 2 framework and undergoing a formal audit process to demonstrate the ongoing effectiveness of our controls.
Every element, from CI/CD pipelines to customer data handling, was measured against stringent standards, with a clear focus on traceability, resilience, and confidentiality.
If you're evaluating Grafbase for use across teams or departments, especially in environments where procurement and security reviews are part of the process, this certification can help accelerate due diligence and build trust early in the engagement.
It also helps de-risk vendor onboarding by confirming that our systems are designed to handle sensitive workloads and meet enterprise-grade expectations for governance and compliance.
This milestone is not an endpoint. Maintaining SOC 2 compliance is now a continuous part of how we operate. We’re committed to scaling our security programme as we grow and investing in automation, visibility, and proactive controls.
You can explore our security policies, request access to audit documentation, and track compliance updates by visiting the Grafbase Trust Center or contacting our sales team.