Trust center

Security and compliance at Gleap

SOC 2 Type II audited. GDPR compliant. Hosted in the EU. Everything you need to assess Gleap as a vendor, in one place.
Compliance at a glance
SOC 2 Type II
Independently audited against the SOC 2 Type II trust service criteria. Request the current report by emailing privacy@gleap.io.
GDPR
GDPR-compliant processing with a public Data Processing Addendum, Standard Contractual Clauses for third-country transfers, and a documented sub-processor list.
EU data residency
Gleap is hosted in the European Union (Frankfurt). US data residency is available on the Enterprise plan.
DORA vendor readiness
Vendor information for financial entities regulated under DORA: Register of Information data, Article 30 mapping, and due-diligence support.
Encryption & security controls
Technical and organizational measures per Art. 32 GDPR: encryption, access controls, availability, resilience, and recoverability.
HIPAA BAA
A Business Associate Agreement is available on the Enterprise plan for customers subject to HIPAA.

Documents & resources

Everything a security or compliance review typically needs:

  • Security practices — infrastructure, encryption, access controls, incident response, and product privacy controls.
  • Sub-processors — every third party that processes data on Gleap’s behalf, with locations and purposes.
  • DORA information for financial entities — Gleap’s role as an ICT third-party service provider under Regulation (EU) 2022/2554.
  • Privacy Policy — how Gleap collects, processes, and protects personal data.
  • Terms of Service — including our incorporated Data Processing Addendum.
  • Data Processing Addendum (PDF) — our standard DPA with SCCs, technical and organizational measures, and the approved sub-processor annex. A copy signed by both parties is available via privacy@gleap.io.
  • Imprint — legal entity information for Gleap GmbH.
  • Status page — current service status and incident updates.

SOC 2 Type II report: available under NDA on request. Email privacy@gleap.io and we’ll share the current report.