SOC 2 Compliance
LiveMaven is pursuing SOC 2 Type II certification. Below is our current security posture — the same controls the auditors will evaluate.
Certification status
IN PROGRESS
SOC 2 Type II
Observation period active. Full report expected Q3 2026.
Trust principles
Our SOC 2 scope covers Security, Availability, and Confidentiality — the three principles most relevant to a platform that processes candidate assessment data and employer hiring decisions.
We chose not to include Processing Integrity and Privacy as separate trust principles because our architecture already enforces them: code execution is sandboxed and ephemeral, and we never train models on assessment data.
Controls in place
Access Control
✓ Role-based access with least-privilege defaults
✓ Multi-factor authentication for all internal systems
✓ SSO/SAML enforcement for enterprise customers
✓ Session tokens rotate on every refresh — stolen tokens auto-revoke
Data Protection
✓ AES-256 encryption at rest, TLS 1.3 in transit
✓ Candidate assessment data isolated per employer
✓ PII masked in logs — full email never appears in server output
✓ Automated data retention policies with right-to-erasure support
Infrastructure
✓ Code execution sandboxed in ephemeral containers — destroyed after each session
✓ No shared state between candidate sandboxes
✓ Database credentials rotated quarterly, stored in encrypted vaults
✓ Automated vulnerability scanning on every deployment
Monitoring & Response
✓ Audit logs for every authenticated action — immutable, 12-month retention
✓ Anomaly detection on authentication patterns
✓ Incident response SLA: acknowledge within 1 hour, update within 4 hours
✓ Security disclosures handled within 24 hours via security@maven.dev
Request compliance documents
The SOC 2 Type I report, penetration test summary, and security questionnaire responses are available under NDA. Email security@maven.dev