Palo Alto, CA
Reading Time: 2 minutes


Immersa is SOC 2 Type II Compliant
We respect the privacy and security of all customer data that we touch. Immersa utilizes enterprise-grade best practices to protect our customers’ data. We are now SOC 2 Type II compliant. The compliance reports is available on request under NDA.

Continuous Security Control Monitoring
Immersa continuously monitors 100+ internal security controls across the organization against the highest possible standards. Automated alerts and evidence collection allows Immersa to confidently prove its security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.

Employee Trainings
Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

Penetration Tests
Immersa works with industry leading security firms to perform annual network and application layer penetration tests.

Secure Software Development
Immersa utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Data Encryption
Data is encrypted both in-transit using TLS and at rest.

Vulnerability Disclosure Program
If you believe you’ve discovered a bug in Immersa’s security, please get in touch at Our security team promptly investigates all reported issues.

Unique Architecture
We believe companies should have control of their data and our architecture is designed around accessing only the data we need and storing it temporarily for no longer than we need to. The underlying cloud platforms and services we use maintain industry standard certifications and ensure the highest level of care for your data. Our overall architecture has 3 simple components:

  • Execute the needed queries to access your data
  • Store data temporarily while we process and analyze the information
  • Transfer the data back to your systems of record.

Internal Security
We complete regular reviews and pen tests using trusted security vendors, as well as regular audits to ensure you have complete peace of mind. We encrypt all data at rest using standard AES-256 encryption algorithms and use recent TLS versions for all connections between systems while never relying on self-signed certificates.

Least privilege is the best privilege
At Immersa, we believe that least privilege is the best privilege. When we request you for access to your data, we specify the minimum scope needed for us to do what we need and that access can be revoked at any time as needed.

Caring for your data is our top priority
Customer data is stored in secure enterprise-grade public clouds such as Google Cloud, Microsoft Azure, and Amazon Web Services. Access to your data is defined by attribute based access controls—allowing users, owners, and admins to have fine grained application access control far more advanced than traditional role based applications security models. Our policies for its internal employees ensure safe and compliant handling of user