Compliance & trust

Onboard security posture, SOC 2 Type 2, and where to find policies and attestations.

Onboard is designed for teams that need a clear story on security, privacy, and operational maturity. This page summarizes how we communicate compliance to customers and prospects.

SOC 2 Type 2

Onboard is SOC 2 Type 2 compliant. An independent auditor has evaluated our controls over a period of time (not only a point-in-time design review), which maps to how most enterprises evaluate SaaS vendors for customer data and service commitments.

For the latest reports, subprocessors, policies, and answers to common security questions, use our public Trust Center:

https://trust.onboard.io

What you will find on the Trust Center

Typical materials hosted there (availability may depend on your relationship with Onboard and NDA where applicable) include:

  • Security and privacy documentation
  • Compliance reports and attestations
  • Subprocessor and infrastructure transparency
  • Security reviews and questionnaires — email [email protected]

If you are running a vendor review, start from the Trust Center. For agreements, custom addenda, or questions not covered there, email [email protected].

How is this guide?

Integrations

API, webhooks, iPaaS, Retool, and no-code integration options.

Security checklist

Practical checks for Onboard REST API, webhooks, and MCP integrations before go-live and in production.

On this page

SOC 2 Type 2What you will find on the Trust CenterRelated