PostHog & SOC 2 compliance

System and Organization Control 2 Type 2 (SOC 2) is a compliance framework developed by the American Institute of Certified Public Accountants (AICPA) that focuses on how an organization's services remain secure and protect customer data. The framework contains 5 Trust Services Categories (TSCs), which contain criteria to evaluate the controls and service commitments of an organization.

Visit our Trust Center

Utilize our Trust Center powered by SafeBase to self-serve reports, policies, and certifications.

PostHog is certified as SOC 2 Type II compliant, following an external audit.

Our latest security report is publicly available (covering controls as of May 31st, 2025).

Policies

We have a number of policies in place to support SOC 2 compliance. All team members have been invited to Drata to review these and to complete security training and background checks as part of onboarding.

All of our policies are available for viewing and upon request via our Trust Center.

Community questions

Was this page useful?

Questions about this page? or post a community question.