Is Funneled SOC 2 certified?

Not yet. SOC 2 is on our roadmap and we are building our controls toward it. We are happy to walk your security team through our current practices and share progress against that goal.

How do I report a vulnerability?

Email our security team with the details and steps to reproduce. Please give us a reasonable opportunity to investigate and remediate before any public disclosure.

Can you complete our security questionnaire or sign an NDA?

Yes. We are glad to support vendor security reviews, complete questionnaires, and discuss an NDA where appropriate. Contact our security team to start.

Security

Security is foundational

Last updated June 2026

Your funnels carry your brand, your customers, and the data that runs your acquisition. Protecting that is core to earning the right to run it.

We follow widely recognised security practices across our infrastructure, our application, and our team. We will be straight about where we are: SOC 2 is on our roadmap and we are building toward it, but we are not certified today.

Here is how we protect your data and funnels right now.

Talk to Us Email security@getfunneled.com

Encrypted in transit

Traffic to Funneled is protected with TLS, and we run on reputable cloud infrastructure rather than hardware we manage ourselves.

Least-privilege access

Access to production systems and customer data is limited to the people who need it to do their job, and no further.

Tenant isolation

Funneled is multi-tenant by design. Each client’s data is isolated by client identity across the platform.

Monitoring and backups

We monitor our systems and back up critical data so we can detect issues and recover from them.

Our approach

We treat security as part of building the product, not a separate checklist. That covers the infrastructure Funneled runs on, the application your team uses, and how our own people access systems.

Infrastructure

Funneled runs on established cloud infrastructure (AWS), using managed databases, content delivery, and storage rather than servers we rack ourselves. This gives us a strong baseline of physical and network security maintained by the cloud provider, on top of our own controls.

Application security

Funneled is multi-tenant: many clients share the platform, and each client’s data is isolated by client identity throughout the system. We apply authentication and access controls, validate input, and build with isolation in mind so one tenant cannot reach another’s data.

Data protection

We encrypt traffic in transit with TLS, restrict access to production data on a least-privilege basis, and back up critical data so it can be recovered. For how this maps to privacy obligations, see our GDPR and privacy page.

SOC 2 and certifications

We want to be clear here, because this is exactly the kind of claim that should never be fuzzy: Funneled is not currently SOC 2 certified.

SOC 2 is on our roadmap. We are aligning our controls and practices toward that standard, and we will update this page as we reach meaningful milestones. If your evaluation depends on certification timelines, talk to us and we will share where we are.

Responsible disclosure

If you believe you have found a security vulnerability in Funneled, we want to hear about it. Email our security team with the details and steps to reproduce, and please give us a reasonable chance to investigate and fix it before disclosing publicly.

For your security review

If your organisation runs a vendor security assessment, we are glad to help. We can walk your team through our practices, complete a security questionnaire, and discuss arrangements such as an NDA where appropriate.

Security questions or vulnerability reports

Email us at security@getfunneled.com and we will get back to you.

Frequently asked
questions

Talk to Us

Building for a team that
asks the hard questions?

Book a call and we will walk your security, privacy, or accessibility reviewers through how Funneled works.

Book a Demo View Pricing