CTD is SOC 2 Type II certified and encrypts all data in transit and at rest. Here's how your data is protected at every layer.

SOC 2 Type II certification

CTD undergoes annual independent audits against the SOC 2 Type II standard, covering security, availability, and confidentiality. This means our controls aren't self-reported — they're independently verified by a third-party auditor on an ongoing basis.

Enterprise customers can request our SOC 2 report by emailing security@ctd.ai.

Encryption everywhere

All data is encrypted:

  • In transit: TLS 1.2+ for all data moving between your browser, our servers, and third-party integrations
  • At rest: AES-256 encryption for everything stored on our servers — contact profiles, email metadata, relationship scores, and integration-synced data

OAuth — no passwords stored

CTD connects to Gmail, Outlook, and LinkedIn exclusively via OAuth. We never see or store your passwords. You can revoke CTD's access at any time directly from your account settings in Google, Microsoft, or LinkedIn — no action required inside CTD.

Secure infrastructure

CTD runs on enterprise-grade cloud infrastructure with:

  • Network segmentation to isolate services
  • Access logging on all production systems
  • Regular vulnerability assessments and penetration testing
  • Continuous monitoring for anomalous activity
  • An incident response plan with user notification in the event of any security incident

You own your data

Your contacts and relationship data belong to you. You can:

  • Export everything at any time in a portable format
  • Delete your account permanently with a single request — all personal data is removed irreversibly, with no retention beyond the standard backup window

We do not sell, rent, or share your personal data or relationship graph with any third party, ever.

For questions about our security controls or to request a SOC 2 report, contact security@ctd.ai.