Our founding team includes operators that have worked in dev tools, fintech, and cybersecurity, so we take security seriously across every aspect of our product and processes.

Schematic has put in place several technical and organizational measures designed to protect data and the application. We are secure by design and practice.


Schematic is SOC 2 Type 1 and Type 2 compliant.


We have a number of policies in place to support SOC 2 compliance. All of these policies are available for viewing upon request:

  • Acceptable Use Policy
  • Asset Management Policy
  • Backup Policy
  • Business Continuity Plan
  • Code of Conduct
  • Data Classification Policy
  • Data Deletion Policy
  • Data Protection Policy
  • Disaster Recovery Plan
  • Encryption Policy
  • Incident Response Plan
  • Information Security Policy
  • Password Policy
  • Physical Security Policy
  • Responsible Disclosure Policy
  • Risk Assessment Policy
  • Software Development Lifecycle Policy
  • System Access Control Policy
  • Vendor Management Policy
  • Vulnerability Management Policy

Reporting a Vulnerability / Bug

Please report security vulnerabilities or bugs to support@schematichq.com.

We currently do not operate a bug bounty program, but we will be forever grateful for any actionable security vulnerability found and will shower you with thanks and merch.