Skip to main content
Bota maintains SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality. This page describes our SOC 2 program and how it protects your data.

What is SOC 2?

SOC 2 (System and Organization Controls 2) is a security framework developed by the American Institute of CPAs (AICPA). It defines criteria for managing customer data based on five Trust Service Criteria:

Bota’s SOC 2 Certification

Type II Certification

Bota has achieved SOC 2 Type II certification, which means:
  • An independent auditor has examined our controls over an extended period (typically 6-12 months)
  • Our controls are not just designed appropriately, but operate effectively over time
  • We undergo annual re-certification audits

Request SOC 2 Report

Contact security@bota.dev to request our SOC 2 Type II report under NDA

Trust Service Criteria Covered

Our SOC 2 report covers:

Security Controls

Access Management

Infrastructure Security

Data Protection

Monitoring and Logging

Incident Response


Availability Controls

Infrastructure Reliability

Disaster Recovery

Uptime

We target 99.9% uptime for the Bota API. Current status is available at api.bota.dev/health.

Confidentiality Controls

Data Classification

Data Handling

Third-Party Management


Compliance Program

Governance

  • Security Team: Dedicated security and compliance team
  • Security Officer: Designated CISO responsible for security program
  • Board Oversight: Regular security updates to leadership

Policies

We maintain comprehensive security policies covering:
  • Information Security
  • Access Control
  • Data Classification
  • Incident Response
  • Business Continuity
  • Acceptable Use
  • Vendor Management

Employee Security


Requesting Our SOC 2 Report

Our SOC 2 Type II report is available to customers and prospects under NDA.
1

Submit Request

Email security@bota.dev with your company name and use case
2

Sign NDA

We’ll send a mutual NDA for signature
3

Receive Report

Once the NDA is executed, we’ll share the full SOC 2 report
The report includes:
  • Independent auditor’s opinion
  • Description of Bota’s systems
  • Trust Service Criteria tested
  • Control activities and test results
  • Management’s assertion

Other Certifications


Frequently Asked Questions

Type I examines controls at a point in time. Type II examines controls over a period (typically 6-12 months), providing assurance that controls operate effectively. Bota has Type II certification.
We undergo annual SOC 2 Type II audits. Our audit period typically runs from January to December, with reports issued in Q1 of the following year.
Yes, you may share our SOC 2 report with your external auditors under the terms of the NDA. Please do not share it publicly.
If our current report doesn’t cover your audit period, we can provide a bridge letter confirming no material changes since the last audit. Contact security@bota.dev.
SOC 1 focuses on financial reporting controls. As Bota does not process financial transactions, SOC 2 is the appropriate standard for our services.

Contact

For SOC 2 and security questions: Email: security@bota.dev Subject: SOC 2 Inquiry
Last updated: January 15, 2025