Enterprise > Security and compliance
Warp Trust Center
# Warp Trust Center Warp's [Trust Center](https://trust.warp.dev) is the central hub for security documentation, compliance certifications, and third-party assessments. It provides the information security teams, procurement, and compliance officers need to evaluate Warp as a vendor and complete security reviews. ## Compliance certifications ### SOC 2 Type II Warp is **SOC 2 Type II certified**, demonstrating compliance with industry-standard security controls across the following trust service criteria: * **Security** - Infrastructure protection, access controls, and monitoring * **Availability** - System uptime and disaster recovery * **Confidentiality** - Data protection and privacy controls * **Processing integrity** - Accurate, complete, and authorized processing **Requesting SOC 2 reports:** Enterprise customers can request SOC 2 reports directly through the [Trust Center portal](https://trust.warp.dev), through their account manager, or by emailing [security@warp.dev](mailto:security@warp.dev). ## Subprocessors Warp publishes a list of subprocessors — third-party service providers that process data on Warp's behalf. This includes infrastructure providers, LLM providers, and other services that support Warp's operations. View the current list of subprocessors at [warp.dev/legal/subprocessors](https://www.warp.dev/legal/subprocessors). :::note Warp maintains **Zero Data Retention (ZDR)** agreements with its contracted LLM providers (Anthropic, OpenAI, Google), meaning they do not store or train on your data. ::: ## Security documentation The following resources provide detailed information about Warp's security practices: * **[Trust Center portal](https://trust.warp.dev)** - External portal with downloadable compliance reports and real-time security status * **[Security overview](/enterprise/security-and-compliance/security-overview/)** - Warp's security architecture, data handling, and compliance certifications * **[Privacy policy](https://www.warp.dev/legal/privacy-policy)** - How Warp collects, uses, and protects personal data * **[Subprocessors](https://www.warp.dev/legal/subprocessors)** - Third-party service providers that process data on Warp's behalf ## Requesting security information If you're conducting a vendor security assessment or completing a compliance questionnaire, Warp can provide: * **SOC 2 Type II reports** - Available upon request for Enterprise customers * **Compliance questionnaire assistance** - Warp's security team can help complete vendor security questionnaires * **[Architecture and deployment](/enterprise/enterprise-features/architecture-and-deployment/)** - Details about Warp's infrastructure, deployment models, and data flows To request any of these materials, contact your account manager or email [security@warp.dev](mailto:security@warp.dev). ## Penetration testing and vulnerability management Warp conducts regular security assessments as part of its SOC 2 program. The details of Warp's vulnerability management and penetration testing practices are validated through its SOC 2 Type II certification. ### Responsible disclosure If you discover a security vulnerability in Warp, please report it responsibly: 1. Email [security@warp.dev](mailto:security@warp.dev) with detailed steps to reproduce the issue. 2. Allow Warp time to investigate and address the vulnerability before any public disclosure. Warp works with reporters to coordinate disclosure timelines.Access Warp's security documentation, compliance certifications, and third-party assessment resources to complete your vendor security review.
Warp’s Trust Center is the central hub for security documentation, compliance certifications, and third-party assessments. It provides the information security teams, procurement, and compliance officers need to evaluate Warp as a vendor and complete security reviews.
Compliance certifications
Section titled “Compliance certifications”SOC 2 Type II
Section titled “SOC 2 Type II”Warp is SOC 2 Type II certified, demonstrating compliance with industry-standard security controls across the following trust service criteria:
- Security - Infrastructure protection, access controls, and monitoring
- Availability - System uptime and disaster recovery
- Confidentiality - Data protection and privacy controls
- Processing integrity - Accurate, complete, and authorized processing
Requesting SOC 2 reports: Enterprise customers can request SOC 2 reports directly through the Trust Center portal, through their account manager, or by emailing security@warp.dev.
Subprocessors
Section titled “Subprocessors”Warp publishes a list of subprocessors — third-party service providers that process data on Warp’s behalf. This includes infrastructure providers, LLM providers, and other services that support Warp’s operations.
View the current list of subprocessors at warp.dev/legal/subprocessors.
Security documentation
Section titled “Security documentation”The following resources provide detailed information about Warp’s security practices:
- Trust Center portal - External portal with downloadable compliance reports and real-time security status
- Security overview - Warp’s security architecture, data handling, and compliance certifications
- Privacy policy - How Warp collects, uses, and protects personal data
- Subprocessors - Third-party service providers that process data on Warp’s behalf
Requesting security information
Section titled “Requesting security information”If you’re conducting a vendor security assessment or completing a compliance questionnaire, Warp can provide:
- SOC 2 Type II reports - Available upon request for Enterprise customers
- Compliance questionnaire assistance - Warp’s security team can help complete vendor security questionnaires
- Architecture and deployment - Details about Warp’s infrastructure, deployment models, and data flows
To request any of these materials, contact your account manager or email security@warp.dev.
Penetration testing and vulnerability management
Section titled “Penetration testing and vulnerability management”Warp conducts regular security assessments as part of its SOC 2 program. The details of Warp’s vulnerability management and penetration testing practices are validated through its SOC 2 Type II certification.
Responsible disclosure
Section titled “Responsible disclosure”If you discover a security vulnerability in Warp, please report it responsibly:
- Email security@warp.dev with detailed steps to reproduce the issue.
- Allow Warp time to investigate and address the vulnerability before any public disclosure.
Warp works with reporters to coordinate disclosure timelines.