Enterprise-ready security and practices.

Independently audited and tested. Trusted by industry leaders.
SOC 2® Type II

Assembled partners with one of the largest independent auditing firms in the country, The Cadence Group. They have confirmed that Assembled meets the requirements set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity and Confidentiality.

SSL Labs Rating A+

The Secure Sockets Layer (SSL) is a standard for encrypted network communication. An A+ server rating means that our protocol support, key exchange and cipher strength are operating at a high level.

GDPR Compliant

The General Data Protection Regulation (GDPR) is a privacy regulation in the European Union (EU), which calls for increased data privacy for individuals.

At Assembled, we view security and compliance as more than just a box-ticking exercise. We've built with best practices in mind since day one.

Ryan Wang, Co-founder & CEO

Security at Assembled


Assembled encrypts data at rest using the industry standard AES-256 and data in transit using SSL/TLS.

Data Access

Access to customer data is limited to authorized employees who require it for their job, and data access is logged and audited.

Penetration tests

Assembled engages industry-leading firms to perform annual tests, using a mix of dynamic fault injection and in-depth study of source code.

Incident response

Assembled rapidly investigates and responds to all reported security issues. Issues can be reported via security@assembledhq.com

Employee training

All employees complete an annual security training and employ best practices when handling customer data.

Secure development

Assembled utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Have security questions?

Contact Our Security Team