Urlbox is now SOC2 Type II attested 🎉.
Achieving SOC2 Type II means that we have put in place formal policies and controls to enforce our security standards, and their effectiveness has been independently audited over time. You can have confidence that Urlbox meets established enterprise security expectations. We are not just claiming that we are the secure way to take programmatic screenshots, we've proved it.
If you are using our screenshot API, you may be capturing sensitive data: customer dashboards, pre-release products, internal tools, or confidential documents, all turned into images, PDFs, Markdown files, or other render types we offer. These websites' renders and even their URLs can contain sensitive information you cannot afford to leak.
What It Means
SOC2 is a framework developed by the American Institute of Chartered Public Accountants. It evaluates how a companies' information security policies and practices protect their customer data, across five 'trust principles': security, availability, processing integrity, confidentiality, and privacy.
Type II attestation holds you under more scrutiny than Type I. While Type I looks at whether the controls you have in place are designed and implemented correctly at a single point in time, Type II examines whether those controls actually operate effectively over an extended period.
Our first SOC2 Type II audit covered the Security principle over a three-month audit window. The independent auditor, Prescient Security, verified that our controls are designed and functioning effectively, with no exceptions. They held us to account for three months, and we will be monitored going forward to maintain continuous SOC2 compliance.
We also used Vanta to manage our compliance programme, helping us continuously monitor controls and maintain evidence in a structured, auditable way. It saved us a lot of time otherwise manually collating evidence.
From the outside, SOC2 can look like a checkbox exercise. In reality, it required us to take a step back and review our policies and controls, then ensure we consistently operated in compliance with them. Much of what we documented reflected practices we already had in place, but the process forced us to examine them closely and deliberately, validating and ultimately strengthening them. The investment we've made in pursuing this has made security more intentional and more visible in our day-to-day work. We now have a clearer understanding of what enterprise teams expect from us, and a transparent way to demonstrate that through our trust page. SOC2 Type II gives us a structured, externally validated way to show that security, transparency, and reliability are values we hold in high priority.
Enterprise-Ready Screenshots
Our secure screenshot API processes millions of renders per year for a wide range of customers, from indie devs to enterprises. We are already GDPR-compliant, and now we are proudly SOC2 attested.
We offer security-first features like secure_mode, the ability to upload finished renders directly to your own storage (including private S3 buckets and Azure Blob Storage), and AI analysis with a bring-your-own AI approach, so your data is never trained or processed outside of your control.
You can view our security posture at trust.urlbox.com, and can access our SOC2 report for your compliance review there. If you have any questions about our security practices or anything else, hit the chat widget on our website or email us at [email protected].