SOC 2 Compliance

Endgame has completed SOC 2 Type II Certification. In addition to regular audits of our policies and procedures, we partner with Drata for continuous monitoring of our compliance.

Our report is available upon request under NDA to current and prospective customers. Visit our Trust Site or speak with your Account Executive, to request access.

GDPR/CCPA

Endgame is compliant with both GDPR and CCPA. Our list of sub-processors we work with and the purpose for why we use their services is kept current and available on our public docs page. We have a Data Processing Agreement (DPA) available upon request.

For data deletion requests, please email the details of the request to privacy@endgame.io.

Disclosure

Endgame believes in responsible disclosure. Our Vulnerability Disclosure Policy (VDP) covers the details, but if you notice a security issue or concern we want to hear from you at security@endgame.io. We do not currently have a bug bounty program.

Open Source Stance

Endgame evaluates libraries on a case-by-case basis, but our default stance is to allow non-invasive licenses approved by OSI.

A comprehensive library report is available upon request under NDA to current and prospective customers. Email us at support@endgame.io to request.

Generative AI

Endgame leverages OpenAI Enterprise as a sub-processor for text summarization and natural language interaction processing. No data sent to OpenAI is used for training purposes.

OpenAI consistently meets or exceeds our rigorous standards for third-party vendors, including SOC 2 Type II certification and GDPR/CCPA compliance.