Security at Hoxhunt

We help hundreds of thousands of employees protect themselves from cyberattacks, and as such we also take our own security very seriously. Holding ourselves to industry-leading privacy and security standards, we take responsibility for the security and privacy of user data.

certifications and badges


At Hoxhunt, we're committed to providing a service that meets the strict requirements of today's business environment.

GDPR ready badge

General Data Protection Regulation

CCPA ready badge

California Consumer Privacy Act

SOC 2 badge
SOC 2 Type II

SOC for Service Organizations

Request report
SOC 3 badge

SOC for Service Organizations

Download report
want to learn more?

Industry best practices and frameworks

Our security approach focuses on comprehensive security governance, risk management and mitigation, and compliance. This includes strong encryption of all data both in rest and in transit, network security, vm hardening, role based access control, system monitoring, logging, traces, metrics with alerts, and more.

Request the whitepaper

Key Security
and Privacy Features

For more detailed information, contact our Compliance and Security team at

Need Help with Compliance or Security?

Hoxhunt has a dedicated Compliance and Security staff, ready to assist you with the complexities of global data regulations, management, and oversight. We will help you navigate the global regulatory landscape.

General Data Protection Regulation (GDPR)

Our data processing agreement is compliant with Article 28 of the GDPR and our Data Protection Officer, working alongside our legal team, ensures GDPR compliance with our service more broadly. We process user data for the strict purpose of providing our service.

California Consumer Privacy Act (CCPA)

The data processing agreement section of our standard terms contractually binds Hoxhunt to process the data of our users purely for the purpose of providing our service. We do not use user data for any other commercial purpose and nor do we sell user data to any third parties.

Third-Party Oversight

At Hoxhunt we’ve taken great care to build high quality internal processes that meet the SSAE 18 SOC2 standards. Our compliance to these standards is audited yearly by an external party. The SOC2 and SOC3 reports are available for customers and prospects on request. Additionally, we’re always happy to assist you with every aspect of your security or compliance requirements. We believe transparency is key for us to retain your trust.

Schrems II & Data Residency Statement

We took immediate action after Schrems II to sign EU Standard Contractual Clauses (SCCs) with all subprocessors relying on privacy shield. Since then we significantly reduced the number of U.S. subprocessors in our service, and ensured that where we rely on SCCs we also pseudonymise all user data to ensure compliance with EDPB Recommendation 01/2020. We also incorporated the new EU SCCs (Decision 2021/915) into our standard terms.