Goodie's Client Data Protection

Security at Goodie

Enterprise-grade security and compliance, built in from day one. Your data is protected by independently audited controls, encrypted at every layer, and monitored continuously.

SOC 2 Type I · SOC 2 Type II

Our Commitment

Running AEO at scale means Goodie handles your analytics, content, and competitive intelligence. That comes with real responsibility. Our security program is independently audited and maps to the controls enterprise procurement teams expect.

Compliance & Certifications

Goodie maintains SOC 2 Type I and Type II attestations, independently audited against the AICPA Trust Services Criteria. Type II confirms our controls don’t just exist on paper — they operate effectively over time.

Current and prospective customers can request our SOC 2 report, security documentation, and answers to common security questions through our Trust Center.

Access security documentation →

Infrastructure & Data Security

  • Encryption everywhere. Data is encrypted in transit (TLS) and at rest (AES-256) across all systems.
  • Trusted cloud infrastructure. Goodie runs on enterprise cloud infrastructure that is itself SOC 2 attested, with built-in redundancy and resilience.
  • Continuous monitoring. Our environment is monitored continuously for threats, vulnerabilities, and configuration drift, with automated alerting on anomalies.
  • Data isolation. Customer workspaces are logically separated to keep your data yours.

Application & Access Security

  • Enterprise SSO. Sign in through your identity provider with SAML-based single sign-on.
  • SCIM provisioning. Automate user onboarding and offboarding through directory sync.
  • Role-based access control. Granular permissions ensure people see only what they should.
  • Least-privilege internally. Goodie staff access is restricted, logged, and reviewed on a regular basis.

Privacy & Data Handling

  • You own your data. We process your data to deliver the service — never to train third-party models or sell to anyone.
  • Defined retention and deletion. Clear policies govern how long data is kept and how it’s removed on request.
  • Vetted sub-processors. Every third party in our stack is reviewed and held to security standards consistent with our own.

Reporting a Vulnerability

We welcome reports from the security community. If you’ve found a potential vulnerability, contact us at security@higoodie.com and our team will respond promptly.

Have Questions?

Our Trust Center has the latest on our security posture, certifications, and documentation. For anything else, our team is here to help.

Visit the Trust Center →

Contact us →

FAQ

Questions? We Have The Answers.

Yes. Goodie holds both SOC 2 Type I and Type II attestations, independently audited against the AICPA Trust Services Criteria. You can request our latest report through the Trust Center.

No. We process your data solely to deliver the service. We never use it to train third-party AI models, and we never sell it.

Your data is hosted on enterprise cloud infrastructure that is SOC 2 attested, encrypted in transit and at rest.

Yes. Goodie supports SAML-based single sign-on through your identity provider, plus SCIM provisioning to automate user onboarding and offboarding.

Our Trust Center has our SOC 2 report, security details, and answers to common questions. Visit it here or request access to gated documents directly.