Sturdy security

At Sturdy, the security and integrity of our customer’s information is of the utmost importance.

Keeping it secure

Sturdy has developed and maintains a comprehensive Information Security Management program to manage risks to the security, availability, confidentiality, integrity, and privacy of Sturdy systems and products. Our program has been independently audited and certified to meet the requirements of Trust Services Criteria SOC2 Type II.

GDPR Compliant

Sturdy psuedonomizes, anonymizes, and redacts PII to protect your customers’ data. This allows us to train our machine-learning models in a fully anonymized form. It allows our customers the peace of mind that only they have access to their original data.


Sturdy utilizes Amazon Web Services (AWS) as the Infrastructure-as-a-Service hosting provider. All data stored in AWS data centers located in the United States. Communications into our services are encrypted-in-transit and data is stored encrypted-at-rest using industry standard encryption mechanisms.


Sturdy products are designed with security in mind from the architecture phase. Development teams follow an agile Software Development Life Cycle comprised of source code configuration management, integrated peer review processes, and multi-stage/multi-environment continuous integration including automated unit, functional, and integration testing and security scanning.
If I had been monitoring these Signals a month ago, we would have known about issues and would have been able to stop them from becoming escalations.
Lisa Sowerby
VP of CE & Delivery @ PuzzleHR
Trusted by leading customer-obsessed companies