Trust
SOC 2 at Aspiresly.
Aspiresly maintains a SOC 2 Type II program covering the Security and Confidentiality trust services criteria. Our latest report is available on request under NDA.
What SOC 2 is
SOC 2 is a third-party audit of a service provider's controls around security, availability, processing integrity, confidentiality, and privacy. A SOC 2 Type II report covers the design and operating effectiveness of those controls over a defined period, typically 6 to 12 months.
Our scope
- Trust services criteria covered: Security, Confidentiality.
- Report type: Type II.
- Auditor: a Big-4-network firm (named in the report).
- Reporting period: rolling 12-month window, refreshed annually.
How to request the report
Email hello@aspirescapital.com with the subject "SOC 2 report request". We will send a short mutual NDA, then share the latest report within 3 business days.
What is in the report
- Auditor's opinion on the design and operating effectiveness of our controls.
- System description: what Aspiresly is, who runs it, and how data flows.
- Control matrix: every control we operate, mapped to the trust services criteria.
- Tests performed and results.
Other compliance assets
The following are available alongside the SOC 2 report on request:
- Penetration test summary (third-party, annual).
- Information security policy.
- Business continuity and disaster recovery plan.
- Subprocessor list.
- Data Processing Agreement (countersigned).