SOC 2 Type 2 

Cercme, the security and privacy of our customers’ data is a foundational priority. As a trusted CRM platform serving fast-moving sales teams and growing businesses, we understand that our users need assurance that their sensitive information is being handled with the highest levels of integrity, control, and oversight. That is why we have pursued and maintain compliance with SOC 2 Type II — a rigorous auditing standard developed by the American Institute of Certified Public Accountants (AICPA).

SOC 2 Type II is a framework specifically designed for technology and cloud-based companies that handle customer data. Unlike SOC 2 Type I, which evaluates the design of internal controls at a single point in time, SOC 2 Type II assesses the operational effectiveness of those controls over a continuous monitoring period — typically six to twelve months. This longer assessment provides customers with deeper assurance that security and privacy practices are not only designed properly but are consistently followed in practice.

Our SOC 2 Type II audit is focused on the Trust Services Criteria, with an emphasis on security and availability — two of the most critical components for any cloud platform. Under this framework, our organization’s systems, procedures, and policies are examined to confirm that they meet strict benchmarks for protecting data against unauthorized access, maintaining reliable uptime, and mitigating risks related to system failure, intrusion, or data loss.

The audit process includes detailed examination of how Cercme manages user authentication, account provisioning, vulnerability patching, encryption protocols, infrastructure redundancy, incident response, and data backups. It also reviews how we train employees, manage access to internal systems, and maintain secure development operations. Every control is tested over a defined time period to confirm it is not just documented, but functioning as intended.

This certification is performed by an independent third-party auditing firm and results in a detailed SOC 2 Type II report. That report provides an in-depth view of our systems and control environment, offering customers and partners a level of transparency that goes far beyond marketing claims. It validates that Cercme is actively operating under a robust security framework and not merely relying on point-in-time audits or superficial practices.

Being SOC 2 Type II compliant means our customers can confidently trust Cercme with their business data. Whether you’re managing leads, storing contact history, sending communication through integrated email tools, or tracking deal performance, you can rely on the fact that Cercme’s platform is built and maintained with privacy and protection in mind. This is especially critical for companies operating in regulated industries such as healthcare, finance, or legal services, where client data must be handled with the utmost care.

Cercme’s commitment to compliance goes beyond checkboxes. We treat SOC 2 as an ongoing obligation, not a one-time milestone. Our internal compliance team regularly reviews audit findings, performs internal risk assessments, and adapts our controls as the platform evolves. We continuously monitor for security threats and test our systems for resilience. As our product scales, so do our policies and infrastructure, ensuring we maintain a high standard for every customer — from startups to enterprises.

If you are a current or prospective customer and would like to request access to our most recent SOC 2 Type II report, please reach out to our support team at support@cercme.com. Access to this report may require signing a non-disclosure agreement (NDA) to protect the integrity of the security information provided.

We know that entrusting a CRM platform with your customer relationships is a big decision. Cercme’s SOC 2 Type II compliance is part of our broader promise to deliver not only exceptional functionality but also enterprise-grade data protection and operational accountability. We are proud to uphold these standards and will continue to invest in the security, privacy, and reliability of our platform to serve our customers at every stage of their growth.