# Trust Center

Warp's [Trust Center](https://trust.warp.dev) is the central hub for security documentation, compliance certifications, and third-party assessments. It provides the information security teams, procurement, and compliance officers need to evaluate Warp as a vendor and complete security reviews.

## Compliance certifications

### SOC 2 Type II

Warp is **SOC 2 Type II certified**, demonstrating compliance with industry-standard security controls across the following trust service criteria:

* **Security** - Infrastructure protection, access controls, and monitoring
* **Availability** - System uptime and disaster recovery
* **Confidentiality** - Data protection and privacy controls
* **Processing integrity** - Accurate, complete, and authorized processing

**Requesting SOC 2 reports:** Enterprise customers can request SOC 2 reports directly through the [Trust Center portal](https://trust.warp.dev), through their account manager, or by emailing <security@warp.dev>.

## Subprocessors

Warp publishes a list of subprocessors — third-party service providers that process data on Warp's behalf. This includes infrastructure providers, LLM providers, and other services that support Warp's operations.

View the current list of subprocessors at [warp.dev/legal/subprocessors](https://www.warp.dev/legal/subprocessors).

{% hint style="info" %}
Warp maintains **Zero Data Retention (ZDR)** agreements with its contracted LLM providers (Anthropic, OpenAI, Google), meaning they do not store or train on your data.
{% endhint %}

## Security documentation

The following resources provide detailed information about Warp's security practices:

* [**Trust Center portal**](https://trust.warp.dev) - External portal with downloadable compliance reports and real-time security status
* [**Security overview**](https://docs.warp.dev/enterprise/security-and-compliance/security-overview) - Warp's security architecture, data handling, and compliance certifications
* [**Privacy policy**](https://www.warp.dev/legal/privacy-policy) - How Warp collects, uses, and protects personal data
* [**Subprocessors**](https://www.warp.dev/legal/subprocessors) - Third-party service providers that process data on Warp's behalf

## Requesting security information

If you're conducting a vendor security assessment or completing a compliance questionnaire, Warp can provide:

* **SOC 2 Type II reports** - Available upon request for Enterprise customers
* **Compliance questionnaire assistance** - Warp's security team can help complete vendor security questionnaires

To request any of these materials, contact your account manager or email <security@warp.dev>.

## Penetration testing and vulnerability management

Warp conducts regular security assessments as part of its SOC 2 program. The details of Warp's vulnerability management and penetration testing practices are validated through its SOC 2 Type II certification.

### Responsible disclosure

If you discover a security vulnerability in Warp, please report it responsibly:

1. Email <security@warp.dev> with detailed steps to reproduce the issue.
2. Allow Warp time to investigate and address the vulnerability before any public disclosure.

Warp works with reporters to coordinate disclosure timelines.