Squirro AG has engaged A-LIGN Compliance and Security, Inc. as an independent auditor to conduct a SOC 2 Type I and Type II assessment under the Security criteria of the AICPA Trust Services Criteria. The organization is actively working towards obtaining the SOC 2 report, demonstrating the effectiveness of its security controls in protecting customer data and ensuring a robust information security posture.

As part of this effort, Squirro AG is implementing and refining its security controls to align with SOC 2 requirements. The company is currently preparing for the Type I assessment, which evaluates the design of controls at a specific point in time, followed by the Type II assessment, which assesses the operational effectiveness of controls over a defined period. This initiative reflects Squirro AG's commitment to maintaining high security standards and strengthening trust with customers and stakeholders.

At Squirro AG, we are committed to ensuring compliance with the General Data Protection Regulation (GDPR) by implementing strict data protection measures and maintaining transparency in our data processing practices. As a data processor and controller, we safeguard personal data through ISO 27001-certified security controls, encryption, and access restrictions.

We provide data subject rights under GDPR, including access, rectification, erasure, restriction, and portability. Users can request to review, modify, or delete their personal data in accordance with legal and regulatory obligations. Our Data Protection Officer (DPO) oversees compliance, ensuring adherence to privacy principles such as data minimization, purpose limitation, and security by design.

For international data transfers, we apply EU-approved Standard Contractual Clauses (SCCs) or ensure that adequate safeguards are in place. We conduct regular data protection impact assessments (DPIAs) and uphold privacy by default across our services.

For GDPR inquiries or data requests, users may contact our DPO

Squirro encrypts data in transit (SSL/TLS protocols, TLS 1.2 or higher) and at rest (AES-256 encryption) to ensure the confidentiality and integrity of sensitive data.