NativeLink

Compliance

Security you can audit, not just trust.

NativeLink runs the build farms that ship safety-critical software. Every byte is content-addressed, every action is logged, and every control is auditable.

Certifications

Where we are. Where we're going.

SOC 2 Type II

In progress

Audit underway, expected report Q3 2026. We're tracking against the AICPA Trust Services Criteria today.

GDPR

Compliant

Data Processing Addendum available on request. EU data residency for Cloud customers.

CCPA

Compliant

California residents can request access, deletion, and opt-out at any time.

ISO 27001

Planned

Targeting 2027 once our SOC 2 Type II report is published.

Controls

How NativeLink protects your code.

Encryption everywhere

TLS 1.3 in transit. AES-256 at rest. mTLS between every service in the cluster. Customer keys supported on Enterprise.

Single sign-on

SAML 2.0 and OIDC with Okta, Azure AD, Google Workspace, JumpCloud. SCIM 2.0 user provisioning on Enterprise.

Audit logs

Every administrative action and every action result is logged, signed, and exportable to your SIEM via webhook or S3.

Signed artifacts

Build inputs and outputs are content-addressed and cryptographically signed. Tampering is detectable at the hash level.

Data residency

US and EU regions on Cloud. Pin your data to a region by contract. Enterprise customers can run fully air-gapped. Deploy on-prem with our Helm charts.

Vulnerability program

We run continuous SAST/DAST on every PR. Disclose anything at security@nativelink.com — we triage within 24h.

Policies & reports

Available on request.

Email security@nativelink.com with your NDA — we'll send the relevant report within one business day.

  • Information Security Policy

    Our internal standards for handling customer and corporate data.

  • Incident Response Plan

    How we detect, escalate, and communicate during an incident.

  • Sub-processor list

    The vendors that process customer data on our behalf.

  • Data Processing Addendum

    GDPR-compliant DPA for European customers.


Responsible disclosure

Found something? We want to hear about it.

We triage every report within 24 hours, fix high-severity issues within 7 days, and credit researchers in our advisory.
