Security. By design.

As a data focused company, we take security issues very seriously. If you believe you’ve found a security vulnerability please report this to security@hook.co and we will work with you to investigate the issue.

  1. ISO 27001 Certified

    Hook is ISO/IEC 27001 certified, meeting the international standard for information security management. This certification reflects our rigorous approach to protecting data, managing risk, and upholding best practices across our organisation. We maintain our ISO 27001 compliance through ongoing internal reviews and independent audits. To learn more or request a copy of our ISO 27001 certificate, please contact us.

  2. SOC 2 Type 2 Attested

    Hook is proud to be SOC 2 Type 2 attested, having successfully completed our independent audit. This demonstrates our ongoing commitment to maintaining the highest standards of data security and operational integrity. We undergo regular audits by an accredited third-party firm to ensure continued compliance. To request the most recent SOC 2 Type 2 audit report, please get in touch.

  3. GDPR Compliant

    Hook is committed to compliance with the General Data Protection Regulation (GDPR), which went into effect May 25, 2018. Please contact us to discuss Hook’s approach to GDPR and Trust.

  4. Security practices & processes

    All new team members complete a background check, sign an NDA, and receive security training upon joining. Access to sensitive services is protected with strong password requirements, mandatory use of our approved password manager, and two-factor authentication where available. Data access follows least-privilege and role-based principles, ensuring employees only handle information relevant to their roles. We also use automated tools to detect security vulnerabilities in our software and apply fixes promptly to reduce risk.