PLATFORM OVERVIEW

Attest Path

AttestPath operates as the world’s first AI-driven agent-based compliance workforce. Through autonomous intelligent agents, it enables end-to-end delivery of leading standards like SOC 2, ISO 27001, and HIPAA, focusing on outcomes rather than manual checklists. The company’s internal security framework follows the same philosophy. AttestPath is SOC 2 compliant on an annual basis, with its controls independently evaluated by certified CPA auditors under the Security and Availability trust principles.

Certifications

1 active framework

SOC 2

See certifications

Documents

2 files available

AttestPath – SOC 2 Type I Report (current version)

SOC2 | Request access

Request access

AttestPath_Responsible_Disclosure_Policy.docx.pdf

Security Policy

Request access

Subprocessors

6 external service providers

AWS GitHub Google Cloud Platform OpenAI API +2 additional services

View all subprocessors

Frequently Asked Questions

4 popular queries

How is user access control managed within AttestPath?

How does the system process retirement of data assets?

What safeguards defend against external security risks?

See all questions

WHAT WE STAND FOR

You shouldn’t be required to act as a security specialist

All you really need is a system that operates with that level of intelligence. We walk you through each step, take care of repetitive tasks using AI-driven agents, and clearly highlight what is still missing, so you never end up guessing, delaying, or feeling stuck.

Have a security question?

Got a security-related query? Not able to locate what you need? Get in touch with our security team and we will respond as quickly as possible.

Reach Security Team Ask for Document Access

Close Bigger Deals Today, Without
Hiring a Compliance Team

Book a Demo

VENDOR	PURPOSE	DATA PROCESSED	LOCATION
AWS	Cloud storage service underpinning Supabase's file storage capabilities, ensuring secure, scalable, and reliable storage of user-uploaded evidence files. S3, ECS, Fargate, ALB.	-	us-east-1
GitHub	Source code management and version control. Manages the storage, versioning, and collaboration of AttestPath's source code, configurations, and migration files. Facilitates continuous integration and deployment workflows through integration with Vercel.	-	Alabama
Google Cloud Provider	Google Cloud provides Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) solutions, including compute resources, cloud storage, networking, database hosting, and security infrastructure. The organization's production systems, data storage, backups, and supporting infrastructure are hosted within Google Cloud's environment.	-	us-central1
OpenAI API	LLM Provider with Zero Data Retention (ZDR) agreement in place.	-	-
Supabase	Provides authentication for secure user login and role management, PostgreSQL database for storing compliance data, user profiles, and reports, and AWS S3-backed file storage for secure evidence uploads. Hosted in Canada (Central).	-	Canada (Central)
Vercel	Primary hosting provider for the AttestPath web application and its serverless backend services, including report generation. Provides scalability, load balancing, and availability. Hosted in the USA East (Washington DC) region.	-	USA East (Washington DC)

VENDOR

PURPOSE

DATA PROCESSED

LOCATION

AWS

Cloud storage service underpinning Supabase's file storage capabilities, ensuring secure, scalable, and reliable storage of user-uploaded evidence files. S3, ECS, Fargate, ALB.

us-east-1

GitHub

Source code management and version control. Manages the storage, versioning, and collaboration of AttestPath's source code, configurations, and migration files. Facilitates continuous integration and deployment workflows through integration with Vercel.

Alabama

Google Cloud Provider

Google Cloud provides Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) solutions, including compute resources, cloud storage, networking, database hosting, and security infrastructure. The organization's production systems, data storage, backups, and supporting infrastructure are hosted within Google Cloud's environment.

us-central1

OpenAI API

LLM Provider with Zero Data Retention (ZDR) agreement in place.

Supabase

Provides authentication for secure user login and role management, PostgreSQL database for storing compliance data, user profiles, and reports, and AWS S3-backed file storage for secure evidence uploads. Hosted in Canada (Central).

Canada (Central)

Vercel

Primary hosting provider for the AttestPath web application and its serverless backend services, including report generation. Provides scalability, load balancing, and availability. Hosted in the USA East (Washington DC) region.

USA East (Washington DC)