Compliance You Can Verify.
Fullcast maintains rigorous compliance standards validated by independent third-party auditors. We make it easy for your security and procurement teams to verify our posture before you sign.
Audited, Verified, and Transparent.
Fullcast maintains independently verified compliance standards so your security and procurement teams can move with confidence. From our current SOC 2 Type II report to our published subprocessor list, we make verification easy.
Soc 2 Type II Compliant
Fullcast maintains current SOC 2 Type II compliance, independently audited on an annual basis. The full report is available to customers and prospective customers upon request through our Trust Center.
Additional Compliance
Fullcast is compliant with GDPR and the California Privacy Rights Act (CPRA), ensuring your data is handled in accordance with global and state-level privacy regulations.
Self-Serve Trust Portal
Prospects and customers can access compliance documentation (including the SOC 2 Type II report, certifications, and audit history) through our dedicated trust portal at trust.fullcast.com. The portal provides real-time transparency into our security posture.
Subprocessor Transparency
Our full subprocessor list is published at support.fullcast.com. Customers are notified in writing of any changes to subprocessors and are given the opportunity to object, as outlined in our master services agreement.
Read More About Our Privacy Policies
Governance at Fullcast
Fullcast provides granular role-based access controls, approval workflows, and comprehensive audit trails so your team stays in control of every change to your revenue operations. Audit logs capture configuration updates, employee data access, failed logins, and AI agent invocations, retained for up to 30 days with backups purged within 35 days.
Learn More
Security at Fullcast
Fullcast's infrastructure is primarily cloud-hosted and architected for high availability across multiple availability zones, with annual third-party penetration testing and SAML 2.0 SSO via Okta. Our documented incident response plan ensures affected companies are notified promptly in the event of a security incident, with ICO notification within 72 hours where GDPR applies.
Learn More
Privacy at Fullcast
Fullcast does not sell or disclose customer data beyond what is described in our Privacy Policy. Upon contract termination, data is processed for up to 35 days before purge. For non-U.S. customers, cross-border data transfers are governed by Standard Contractual Clauses included in our Data Protection Agreement, available on request, with privacy oversight from our CTO.
Learn MoreFrequently Asked Questions
Is Fullcast SOC 2 Type II compliant?
Yes. Fullcast maintains current SOC 2 Type II compliance through annual independent audits. The full report, including auditor information, is available upon request through our Trust Center at trust.fullcast.com.
What other compliance standards does Fullcast meet?
In addition to SOC 2 Type II, Fullcast is compliant with GDPR and CPRA.
How can I request the SOC 2 report?
Visit our trust portal at trust.fullcast.com to request access. The portal provides real-time transparency on certifications, audit history, and security resources.
Is the subprocessor list publicly available?
Yes. The full list is published at support.fullcast.com/article/428-vendors-and-sub-processors. Customers are notified in writing of any changes and given the opportunity to object.
What are Fullcast's disaster recovery targets?
Our RTO is 4 hours and our RPO is 24 hours for key systems, meaning we aim to restore service within 4 hours and limit potential data loss to a maximum of 24 hours.
