> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endgame.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> Learn about Endgame's security practices and certifications

We're compliant with GDPR and CCPA, maintain SOC 2 Type II certification, and undergo annual third-party penetration testing. Our infrastructure runs on GCP in the US-Central1 region with encryption at rest and in transit. If you discover a security concern, we encourage responsible disclosure (full details are in our [Vulnerability Disclosure Policy](https://docs.endgame.io/vdp)).

**Key Security Features:**

* **Data Protection & Compliance:** GDPR and CCPA compliant with SOC 2 Type II certification. All data deletion requests are honored at [privacy@endgame.io](mailto:privacy@endgame.io)
* **Infrastructure Security:** GCP US-Central1 hosting with AES256 encryption at rest and HTTPS/TLS in transit. Availability monitored at [status.endgame.io](http://status.endgame.io)
* **Access Controls:** Least privilege principle enforced for all employee access to production environments and customer data
* **Third-Party Vendors:** All sub-processors meet SOC 2 Type II and GDPR/CCPA standards. OpenAI Enterprise used for text processing with zero-retention policy

For complete security documentation, certifications, and our current list of sub-processors, visit [trust.endgame.io/](https://trust.endgame.io/).
