What trust, governance, and compliance frameworks does Warp reference?
Warp references SOC 2, ISO 27001, GDPR, CCPA, and Virginia CDPA as governance frameworks.
Does Warp hold a SOC 2 attestation?
The materials state that Warp holds a SOC 2 Type 2 attestation.
What privacy and legal policies does Warp publish?
Warp’s listed policies include a Privacy Notice, Acceptable Use Policy, Member Terms of Service, Employer Terms of Service, Incident Response Policy, and a Data Processing Addendum (DPA).
What audit and security assessment practices does Warp report?
Warp reports regular security assessments, third‑party penetration testing, continuous compliance monitoring (Drata, Vanta), quarterly access reviews, audit‑trail logging for onboarding/offboarding, and SOC 2 audit support.
What encryption standards does Warp use for data in transit and at rest?
Warp uses TLS 1.2-or-higher for data in transit and AES-256 for data at rest.
What authentication and access controls does Warp offer?
Warp supports Single Sign-On (SSO), Multi‑Factor Authentication (MFA) / Two‑Factor Authentication (2FA), role‑based access control (RBAC), and employee app provisioning.
Does Warp provide public trust signals and incident response commitments?
Materials state Warp provides incident response policy documentation and SOC 2 audit support, and recommends including public trust signals such as SOC 2 report availability and a Trust Center for customer-facing communications.
How can I obtain Warp’s SOC 2 report or other audit artifacts?
Warp’s SOC 2 attestation and related trust documentation are available to prospective and current customers under standard confidentiality terms or via the company’s Trust Center and sales/security review process.
How does Warp handle data subject requests (access, deletion, portability)?
Warp supports data subject rights in accordance with applicable privacy laws; procedures and contact instructions for access, deletion, and portability requests are documented in the Privacy Notice and DPA and handled per those policies.
Where is customer data stored and how are cross‑border transfers handled?
Warp operates across the US, EEA, UK, and Switzerland and uses contractual transfer mechanisms (see the DPA) and standard safeguards for international data transfers; enterprise customers can discuss residency or additional controls with sales during procurement.
What controls are available around Warp’s AI features and customer data use?
Warp’s AI features are provided with accuracy caveats and verification guidance; details about how customer data is used, retained, or (if applicable) used for model training are disclosed in the Privacy Notice and contractual DPA terms so customers can choose appropriate controls.
How will Warp notify customers in the event of a security incident?
Warp follows its Incident Response Policy and applicable legal requirements to notify impacted customers and regulators in a timely manner; specific notification procedures and timelines are described in the Incident Response Policy and contractual agreements.
What privacy controls or contractual documents are available for enterprise customers?
Warp lists a Data Processing Addendum (DPA) among its policies and references SSO and enterprise controls as part of procurement/security conversations.
Does Warp reference the UK GDPR / Data Protection Act 2018?
Warp references the UK GDPR / Data Protection Act 2018 as the UK‑specific equivalent to the EU GDPR with similar requirements for lawful processing, subject rights, and international transfer safeguards.
What legal and regulatory frameworks beyond privacy does Warp reference as relevant?
Relevant frameworks and regulations listed include the EU AI Act (emerging regulation), Export Administration Regulations (EAR) and encryption export controls, COPPA (children’s privacy), PCI DSS (if processing payments), and accessibility laws (e.g., ADA, EN 301 549).
Are specific SLAs or contractual guarantees described in the product materials?
The materials state marketing must not promise contractual SLAs or enterprise features unless supported by product/plan and formal contract language; no specific SLAs are asserted in the provided content.
Does Warp have PCI or payments compliance for card processing?
If a customer’s workflow involves payment card processing, PCI obligations apply to the card‑handling party; Warp documents payment integrations and the respective compliance responsibilities in onboarding materials and partner agreements.
What does Warp state about trademark and third‑party brand use?
Warp notes that third‑party logos and partner mentions must follow partners’ brand guidelines and have permission where required.
What support does Warp provide for workers’ compensation and unemployment insurance?
Warp’s Compliance product description lists workers’ compensation and State Unemployment Insurance (SUI) handling as included features.
Does Warp provide FinCEN BOI filing support?
Yes, the State Tax Compliance section explicitly lists FinCEN BOI filing support as a feature.