Secure platform, infrastructure and data.

Your data is sensitive. We are constantly improving our security,
compliance and audit initiatives with your trust in mind.

Loading animation...

We comply with global privacy laws & security standards.

SOC 2 Type II Certified

Patch’s SOC 2 Type II report includes the trust services categories of Security, Confidentiality, and Availability, and is audited annually.

HIPAA Compliance

Patch is certified to securely handle healthcare and related data.

GDPR Compliance

Patch complies with the EU's GDPR, including prompt data deletion upon request.

CCPA Compliance

Patch ensures policies, processes, and controls comply with CCPA requirements.

Data & Infrastructure Security

Secure-by-design, Patch is built to protect your most sensitive data.

Secure infrastructure provider

We host all of our data in physically secure, U.S.-based leading cloud provider facilities that include 24/7 on-site security, camera surveillance, and more.

Strict access controls

Access to all Patch systems is managed through our identity provider, which automates user provisioning, enforces passwordless MFA, and logs all activity.

Server security & monitoring

All servers are configured using documented security guidelines, and images managed centrally. Changes to the company’s infrastructure are tracked, and security events logged appropriately.

Personnel Security

Employees are vetted 
& trained on security practices.

Formal security policies & incident response plan.

Patch maintains a set of comprehensive security polices that are kept up-to-date to meet the changing security environment. These materials are made available to all employees during training and through the company’s knowledge base.

Continuous security training.

Patch provides continuous education on emerging security threats, performs phishing awareness campaigns, and communicates with employees regularly.

Application Security

Development practices have security & quality checks built-in.

Development & change management

Code development is done through a documented SDLC process and tracked via GitHub. Automated controls ensure changes are peer-reviewed and pass a series of tests before being deployed.

Third-party vendor security review process

Through a comprehensive review process, we ensure that all of our third-party apps and providers meet our security data protection standards before using them.

Start building with data packages.