SamSearch

    Security you can take to procurement.

    Our commitment to compliance.

    🇺🇸 Hosted in the United States

    Visit Trust CenterRequest Reports

    Independently verified

    Our certifications are issued by independent third-party auditors who tested our systems under real-world conditions. Not self-reported.

    SOC 2 Type II Compliant

    SOC 2 Type II

    Security, availability, and confidentiality controls audited over time by an independent CPA firm. The certification your enterprise IT and legal teams will ask for by name.

    Audited annually · Report available under NDA · support@samsearch.co

    VAPT A+ Certification

    VAPT, A+ Rating

    Penetration tested by LTS Data Point across our web application, APIs, and AWS infrastructure. Zero critical findings. Zero high-severity findings at the time of certification.

    Report available under NDA · support@samsearch.co

    Compliance is not optional in GovCon.

    Government contracting runs on trust. SamSearch is SOC 2 Type II certified and VAPT A+ rated so your IT security team, legal counsel, and prime contractors can approve us quickly and confidently.

    Primes, agencies, and SLED offices require vendors to meet rigorous security standards before onboarding. SOC 2 Type II is the baseline. Without it, you are a liability on every teaming agreement.

    samsearch.co / security-audit
    No data sold to third parties
    Pipeline data stays yours
    SOC 2 Type II certified
    VAPT A+ rated
    Incident response plan active
    MFA enforced across all systems
    Isolated production environment
    Quarterly access reviews

    How we protect your data

    Four layers of enterprise-grade protection behind every search, every proposal draft, every opportunity you track.

    Encryption everywhere

    AES-256 at rest. TLS 1.2+ in transit. Sensitive fields get additional encryption layers. Your data is unreadable to anyone who should not have it.

    Hosted in the United States

    Deployed on Amazon Web Services in the US. Isolated production environments, automated backups, and 99.9% uptime SLA.

    Zero-trust access

    Role-based permissions, MFA enforcement across all internal systems, and quarterly access reviews. Least privilege is the default, not the exception.

    Continuous hardening

    Dependency scanning on every deploy. Penetration tested by independent auditors. Responsible disclosure policy. Security is a process, not a checkbox.

    Enterprise-ready. Procurement-approved.

    Request our SOC 2 or VAPT report, visit our live Trust Center, or reach out directly. We respond the same day.

    Trust Centersupport@samsearch.co

    Full terms in our Privacy Policy and Terms of Use. Hosted in the United States. Last reviewed: June 2026.