It’s Official: Gorgias is Now SOC 2 Type II Certified

It’s Official: Gorgias is Now SOC 2 Type II Certified

When you use Gorgias, we know that you’re putting your trust in us. That’s why we hold our commitment to your security as our highest priority and safeguard your data with full transparency. Our security policy contains penetration testing, incident response plan, data lifecycle, comprehensive system status live report, and more.

We're thrilled to share that Gorgias is Service Organization Control (SOC) 2 compliant for Type 2. This achievement follows our numerous investments in platform security over the years as part of our goals to secure customer data. 

An independent auditor conducted a thorough audit of our servers, systems, and products over six months. They verified that our information security practices, policies, procedures, and operations meet the thorough SOC 2 standards for security.

2022 update: We're happy to share that we renewed our SOC 2 Type 2 certification to continue protecting our customer data.

This industry-wide recognition serves as our reassurance that your data is managed in a controlled and audited environment. 

What is SOC 2 Type II Compliance?

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for evaluating how well a company manages customer data and ensuring a set of security controls are in place. A SOC 2 report is unique to each organization because it’s in line with specific business practices. 

Source: AICPA

There are two types of SOC 2 reports: Type I and Type II. Type I checks if a system can handle issues like data breaches. Meanwhile, Type II examines how the system works and how effective it is to protect data against security threats.

What Does Our SOC 2 Type 2 Compliance Mean for You?

Our completion of the SOC 2 Type II audit is our testament to the fact that we always prioritize your data security and privacy. We appreciate your trust in us and strive to strengthen this trust in the long term. 

You can be sure that:

  • The data you share with Gorgias meets the AICPA standards for security. That goes for your personal information, ticket inquiries, customer data, and the like. 
  • Your data is protected with procedures and controls to assess, minimize, and eliminate risks and vulnerabilities. 
  • We always conduct ongoing monitoring of features and processes across our platform to maintain security. 

What’s Next?

We hope our successful SOC 2 Type 2 helps you rest easy knowing that your data in Gorgias is secure. But this update is only the latest milestone in delivering our commitment. We’re continuing to improve our security control and data privacy practices for all merchants. To learn more about our security policies, visit our security page or contact us at

Frequently asked questions

Camille Savary
The customer service platform built for ecommerce brands

Join the 14,547+ brands that use Gorgias every day

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Subscribe to our weekly newsletter!

Get the latest ecommerce tips for growing your business and invites to industry-leading events, right to your inbox.
Thank you! You should have received an email 🎉
Oops! Something went wrong while submitting the form.