What is SOC 2?
SOC 2 (System and Organization Controls 2) is a security framework developed by the American Institute of CPAs (AICPA). It defines criteria for managing customer data based on five Trust Service Criteria:Bota’s SOC 2 Certification
Type II Certification
Bota has achieved SOC 2 Type II certification, which means:- An independent auditor has examined our controls over an extended period (typically 6-12 months)
- Our controls are not just designed appropriately, but operate effectively over time
- We undergo annual re-certification audits
Request SOC 2 Report
Contact security@bota.dev to request our SOC 2 Type II report under NDA
Trust Service Criteria Covered
Our SOC 2 report covers:Security Controls
Access Management
Infrastructure Security
Data Protection
Monitoring and Logging
Incident Response
Availability Controls
Infrastructure Reliability
Disaster Recovery
Uptime
We target 99.9% uptime for the Bota API. Current status is available at api.bota.dev/health.Confidentiality Controls
Data Classification
Data Handling
Third-Party Management
Compliance Program
Governance
- Security Team: Dedicated security and compliance team
- Security Officer: Designated CISO responsible for security program
- Board Oversight: Regular security updates to leadership
Policies
We maintain comprehensive security policies covering:- Information Security
- Access Control
- Data Classification
- Incident Response
- Business Continuity
- Acceptable Use
- Vendor Management
Employee Security
Requesting Our SOC 2 Report
Our SOC 2 Type II report is available to customers and prospects under NDA.1
Submit Request
Email security@bota.dev with your company name and use case
2
Sign NDA
We’ll send a mutual NDA for signature
3
Receive Report
Once the NDA is executed, we’ll share the full SOC 2 report
- Independent auditor’s opinion
- Description of Bota’s systems
- Trust Service Criteria tested
- Control activities and test results
- Management’s assertion
Other Certifications
Frequently Asked Questions
What's the difference between SOC 2 Type I and Type II?
What's the difference between SOC 2 Type I and Type II?
Type I examines controls at a point in time. Type II examines controls over a period (typically 6-12 months), providing assurance that controls operate effectively. Bota has Type II certification.
How often is Bota audited?
How often is Bota audited?
We undergo annual SOC 2 Type II audits. Our audit period typically runs from January to December, with reports issued in Q1 of the following year.
Do you have a SOC 2 bridge letter?
Do you have a SOC 2 bridge letter?
If our current report doesn’t cover your audit period, we can provide a bridge letter confirming no material changes since the last audit. Contact security@bota.dev.
What about SOC 1?
What about SOC 1?
SOC 1 focuses on financial reporting controls. As Bota does not process financial transactions, SOC 2 is the appropriate standard for our services.
Contact
For SOC 2 and security questions: Email: security@bota.dev Subject: SOC 2 InquiryLast updated: January 15, 2025

