ISO 27001 Year 3 Surveillance Audit Complete

Trust Center

background-image
Start your security review
ControlK

Overview

At ChurnZero, we know that your trust depends on how well we protect your data. That’s why security, privacy, and compliance are woven into every aspect of our business—from how we build our platform to how we support our customers.

This Trust Center is your single source for information about our security posture, compliance certifications, and data protection practices. Here, you can explore our policies, review audit reports, and request access to detailed security documentation. Our goal is simple: to give you confidence that your data is handled with the highest standards of care, transparency, and integrity.

Compliance

ISO/IEC 27001 Logo
ISO/IEC 27001
SOC 2 Type 2 Logo
SOC 2 Type 2
HIPAA Logo
HIPAA
GDPR Logo
GDPR
CISA: Secure-by-Design Pledge Logo
CISA: Secure-by-Design Pledge
Privacy Shield Logo
Privacy Shield

ChurnZero is reviewed and trusted by

HackerRank-company-logoHackerRank
Sibme-company-logoSibme
FreeWill-company-logoFreeWill
Untappd-company-logoUntappd
Cision-company-logoCision
iContact-company-logoiContact
MyShopManager-company-logoMyShopManager
Boulevard-company-logoBoulevard
Critical Mention-company-logoCritical Mention
ABBYY-company-logoABBYY
Cin7-company-logoCin7
Smoothwall-company-logoSmoothwall
Cofense-company-logoCofense
GoCanvas-company-logoGoCanvas
FiscalNote-company-logoFiscalNote
Woven-company-logoWoven
IntelAgree-company-logoIntelAgree
Trust Center Updates

ISO 27001 Year 3 Surveillance Audit Complete

Copy link
Compliance

We're pleased to announce the successful completion of our Year 3 ISO 27001 Surveillance Audit. This annual review confirms that our information security management system continues to meet the rigorous requirements of the ISO 27001 standard. Our updated certificate is now available for download on our Trust Center. This milestone reflects our continued commitment to maintaining the highest standards of information security for our customers.

2026 Penetration Testing Complete

Copy link
General

ChurnZero is pleased to announce the successful completion of our 2026 annual third-party penetration test, conducted in March 2026. Security is a core commitment at ChurnZero, and engaging an independent firm to assess our systems each year is an important part of how we validate and maintain that commitment.
The customer letter summarizing the engagement scope, methodology, and findings is available for download below.

2025 SOC 2 Type II Report Now Available

Copy link
Compliance

ChurnZero has completed its 2025 SOC 2 Type II examination, reaffirming our unwavering dedication to securing customer data and protecting privacy across our platform. This report provides an in-depth, independent evaluation of the controls and processes we maintain to ensure the security, availability, and confidentiality of your information.

We remain committed to upholding the highest standards of trust and transparency as we continue to strengthen our security program. To review the full assessment and learn more about how we safeguard your data, you can download the report below.

Documents

REPORTSAWS Network Diagrams
REPORTSChurnZero AI / OpenAI DPIA
REPORTSChurnZero AI FAQ
REPORTSChurnZero DPIA
REPORTSData Flow Diagram (DFD)
REPORTSHIPAA Report
REPORTSPentest Customer Letter
REPORTSSOC 2 Report
COMPLIANCEHIPAA
COMPLIANCEISO/IEC 27001
COMPLIANCESOC 2 Type 2
SELF-ASSESSMENTSCAIQ

Reports

AWS Network Diagrams
ChurnZero AI / OpenAI DPIA
ChurnZero AI FAQ
View more

Security Grades

SecurityScorecard
ChurnZero
Security Scorecard A grade
Qualys SSL Labs
ChurnZero Application
A+
UpGuard
ChurnZero Application
A

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
View more

Risk Profile

Data Access LevelRestricted
Impact LevelModerate
Recovery Time Objective24 hours
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Self-Assessments

CAIQ

Data Security

Access Monitoring
Certificates of Destruction
Data Asset Classification
View more

App Security

Application Penetration Testing
Code Analysis
Secure Development Training
View more

ESG

Anti-Bribery and Corruption
Code of Ethics
Diversity, Equity, and Inclusion
View more

Legal

Subprocessors
ConvertAPI-company-logo
Cyber Insurance
Data Processing Agreement
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Access Control

Access Log Management
Data Access
Device Lock
View more

Infrastructure

Status Monitoring
Amazon Web Services
Capacity Planning & Management
View more

Endpoint Security

Anti-Malware
Disk Encryption
Host Intrusion Detection System (HIDS)
View more

Network Security

Data Loss Prevention
Distributed Denial of Service Protection (Anti-DDoS)
Firewall
View more

Corporate Security

Email Protection
Employee Handbook
Employee Training
View more

Incident Response

Forensic Retainer
Incident Reporting Process
Pager Service

Risk Management

Data Access/Impact Levels
Risk Assessments
Third-Party Dependence

Asset Management

Asset Classification
Asset Inventories (Hardware/Software)
Asset Tracking
View more

BC/DR

Alternate Processing/Storage Site
Business Continuity Plan (BCP)
Contingency Plan Testing/Lessons Learned
View more

Training

Employee Privacy Training
Phishing Training
Secure Development Training
View more

Change Management

Change Management Program
Change Restrictions
Configuration Management Program
View more

Continuous Monitoring

Automated Alert Response
Automated Compliance Monitoring
Data Loss Prevention System (DLP)
View more

Subprocessors

Built onSafeBase by Drata Logo