We’re excited to announce that Freckle is officially SOC 2 Type II compliant.
We first achieved Type I in December 2025, confirming that our security controls were properly designed. As of March 4, 2026, we achieved Type II, verifying that those controls operated effectively over a three-month observation period, validated by an independent auditor.
What is SOC 2 Type II?
SOC 2 (Service Organization Controls 2) is a security framework governed by the American Institute of Certified Public Accountants (AICPA).
A SOC 2 audit evaluates whether a company has the appropriate controls in place to protect customer data and whether those controls are operating effectively.
The framework evaluates organizations across five trust service criteria:
- Security – protecting systems from unauthorized access
- Availability – ensuring systems remain reliable and operational
- Processing Integrity – ensuring systems process data accurately
- Confidentiality – protecting sensitive information
- Privacy – ensuring personal data is handled appropriately
SOC 2 Type II is widely considered the gold standard for security compliance in the technology industry. Whereas Type I reports confirm that security controls are properly designed at a specific point in time, Type II reports go further by verifying that those same controls operated effectively over a defined observation period under independent review.
Why this matters for our customers
So what does that actually mean for teams using Freckle?
Freckle sits directly on top of your CRM and interacts with the records that power outbound campaigns, lead routing, and pipeline prioritization.
When teams run enrichment workflows and sync updates back into their CRM, they rely on the platform underneath to handle that data responsibly.
Our SOC 2 Type II certification confirms that:
- Customer data is protected by comprehensive, independently verified security controls
- Access to systems and sensitive data is strictly controlled and regularly reviewed
- Systems are continuously monitored to detect and respond to potential security issues
- Security practices are tested and verified through independent audits
- Teams can reference Freckle’s SOC 2 report during security and vendor reviews
Why we made the commitment early
Many companies wait until later stages to pursue SOC 2 compliance, often once larger enterprise deals require it. We deliberately chose to invest in it early.
Freckle sits at the center of revenue teams’ workflows. When CRM data powers outbound campaigns, lead routing, and pipeline prioritization, trust in the platform handling that data matters from the start. Security shouldn’t be something teams have to question as they adopt new infrastructure.
Achieving SOC 2 Type II at an early stage reflects our commitment to building security into the foundation of the product rather than layering it on later. The controls, monitoring, and operational practices behind Freckle are designed to scale alongside the platform and the teams that rely on it.
Our compliance partners
Achieving SOC 2 compliance requires both continuous monitoring and independent validation.
We partnered with Vanta to automate audit evidence collection and monitor our security controls across the systems that support Freckle. We worked with Advantage Partners to conduct both our Type I assessment and our Type II audit.
Accessing the SOC 2 report
Customers can request access to our SOC 2 reports through our Trust Center.
A foundation for building Freckle
Achieving Type II compliance is an important milestone for Freckle and reflects the work our product, engineering, and customer teams have put into building a secure foundation for the platform.
We’ll keep strengthening our security practices as the product evolves and as more teams rely on Freckle to power their CRM workflows. Why? Because clean CRM data only works when the system underneath it is trustworthy.
Questions about our security practices? Contact our team at security@freckle.io.
