SOC 2 Type 1 compliant

When Chromatic launched five years ago, we set out to improve the UX of the internet by building tools for frontend developers everywhere.

Chromatic is now used by hundreds of companies around the world – from Fortune 100 enterprises to scrappy startups. But no matter the shape of your company, we've always prioritized the security of your data.

I’m thrilled to share that Chromatic is SOC 2 Type 1 compliant. That means we enlisted an independent third-party to conduct a rigorous security audit which adheres to the industry standards (AICPA). Chromatic was evaluated on a few key dimensions:

• 🔐 Security
• 🛡 Confidentiality
• 🚥 Availability
• ✅ Privacy
• 🗂 Processing integrity

SOC 2 Type 1 is a testament to how much Chromatic values security. But it doesn’t end there, we also have continuous monitoring in place to ensure that these standards are maintained over time. Customers like BBC, Workday, and Faire can count on our practices to reinforce their own security posture.

What does that mean for you?

For existing customers, SOC 2 Type 1 helps you rest easy knowing that our team remains vigilant with your data. You already trust us to power your frontend infrastructure, we aim to maintain that trust by shipping secure products.

For new customers, SOC 2 Type 1 is an industry-standard that’s recognized by engineering, compliance, and security teams alike. Our adherence simplifies the procurement process which can mean less paperwork for everyone.

Next steps

SOC 2 shows Chromatic’s ongoing commitment toward protecting your data. It's an independently verifiable way to demonstrate the security of our tools. Our goal is to continue hardening Chromatic against intrusion with regular audits and automated monitoring.