Avatar photo Jeremy Helms
Mar 7, 2023
The Ultimate Guide to Call Tracking Software
Top 9 tools rated from 3K+ G2 reviews

    Data security — it’s increasingly becoming a top concern for consumers. A 2022 Ipsos poll found 84% of Americans reported being concerned about the safety and privacy of their data. And with recent breaches from big names like Microsoft, News Corp, and Red Cross, it’s easy to see why.

    But businesses and service providers can actually use this growing concern to their advantage.


    By partnering with vendors that take data security seriously.

    At WhatConverts, we know data security is at the top of your clients’ minds. It’s why we’re proud to announce that we’ve successfully earned SOC 2 Type 2 compliance, one of the most stringent measures of data security.


    of Americans reported being concerned about the safety and privacy of their data.

    Here’s a brief breakdown of SOC2 Type 2 compliance and what it means for you, your clients, and your business as a whole.

    What is SOC 2 Type 2 Compliance?

    First things first, let’s go over what SOC 2 Type 2 is.

    Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is a type of Service Organization Control (SOC) audit. These audits examine the risks associated with using a service provider by reporting on their use of industry best practices. SOC 1 focuses on financial controls, while SOC 2 is more concerned with information security, confidentiality, and privacy.

    For a service provider to be SOC 2 Type 2 compliant, they need to follow exceptionally rigorous data security control processes. They also need to pass examination from an independent CPA firm.

    Control factors considered during SOC 2 Type 2 audits include:

    • Penetration Testing by a third-party cyber-security firm to ensure that the security posture of our services is uncompromised.
    • Vault-Locked Data Backups to protect from ransomware attacks.
    • Encryption at Rest of all databases and Encryption in Transit to ensure that data remains hidden from or inaccessible to unauthorized users.
    • Vulnerability Scanning of our application to actively monitor for threats.

    SOC 2 Type 2 vs. Type 1

    There are two types of SOC2 audits: Type 1 and Type 2.

    Type 1 is designed to examine internal control procedures at a single point in time. For instance, a Type 1 examination may look at how a service provider stores passwords in their system at the time of testing.

    Type 2, on the other hand, is even more involved. These audits take place over a large stretch of time—usually over the course of 6 months. As a result, measures are tested more extensively. And certification gives a more complete picture of a service provider’s data security practices.

    Why Is SOC 2 Type 2 Important for You (and For Us)?

    So, why does all this matter? And what does WhatConverts’ SOC 2 Type 2 certification mean for your business?

    There are a few things at play here:

    • Greater Customer Confidence – A whopping 91% of consumers say they’re more likely to trust companies that show a real commitment to protecting their customers’ information. When your marketing agency works with SOC 2 Type 2 certified vendors like WhatConverts, it proves you care about data security too.
    • Aligned Values – Customers want to align with companies that reflect similar values. Being a good steward of personal data shows you take protecting personal information just as seriously as your customers. And that’s a fantastic way to build loyalty.
    • More Transparency – The completion of this examination exemplifies WhatConverts’ commitment to its users to provide unfiltered information about the effectiveness of our internal controls. For you, that means building trust by working with partners that are open and transparent.
    • Sets a New Industry Standard – As greater numbers of service providers seek data security certification, it becomes less of a “nice to have” and more of a necessity. And that can lead to serious shifts in the industry as a whole towards being better stewards of customer data.


    of consumers say they’re more likely to trust companies that show a real commitment to protecting their customers’ information.

    Other Security Measures We Use to Keep Your Data Safe

    While earning SOC 2 Type 2 compliance is a major win, it’s just one part of our overall security plan, which includes the following:

    We take pride in the level of data security we provide for marketing agencies like yours. Not because we have to. But because it’s the right thing to do.

    What Are the Standards for Gaining SOC 2 Type 2 Certification?

    Gaining SOC 2 Type 2 certification is no easy process.

    First and foremost, service providers must be audited by an independent CPA firm. At WhatConverts, we partnered with Prescient Assurance LLC, a leading provider of attestation and compliance services.

    Prescient conducted an independent and thorough audit of WhatConverts’ servers, systems, and products from July 15, 2022, to January 15, 2023. It was also conducted under the SOC 2 compliance framework provided by the American Institute of Certified Public Accountants.

    To gain certification, a service provider must be tested against one or more of the AICPA’S Five Trust and Integrity Principles:

    • Security – Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.
    • Availability – Information and systems are available for operation and use to meet the entity’s objectives.
    • Processing Integrity – System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
    • Confidentiality – Information designated as confidential is protected to meet the entity’s objectives.
    • Privacy – Personal information is collected, used, retained, disclosed, and disposed to meet the entity’s objectives.

    WhatConverts’ successful SOC 2 Type 2 examination focused on the Security Principle, which tested our information and systems against more than 100 different control factors over the course of several months.

    Consequently, we’ve been certified as being thoroughly protected against unauthorized access, disclosure of information, and damage to systems.

    Our Commitment to Your Security

    We understand the importance of data security. Not just for our clients, but for their customers as well.

    That’s why we hold our commitment to keeping your information secure as our highest priority. We’re serious about data security. Because your customers are too.

    We plan to follow through on that commitment to earning your trust by:

    We’re proud to say our earning of SOC 2 Type 2 certification is just one step in creating a more secure industry for your customers. Because we built WhatConverts to empower you to be more successful without ever having to compromise your (or your customers’) data security.
    Read WhatConverts reviews on G2

    Avatar photo
    Jeremy Helms

    Jeremy Helms is a co-founder of WhatConverts. Connect with him on Linkedin or via email at jeremy.helms@whatconverts.com.

    Get a FREE presentation of WhatConverts

    One of our marketing experts will give you a full presentation of how WhatConverts can help you grow your business.

    Schedule a Demo
    ready to get marketing clarity?

    Grow your business with WhatConverts

    14 days free trial Easy setup Dedicated support
    G2 Users Love Us Badge
    G2 High Performer Badge
    G2 High Performer Small Business Badge
    G2 Momentum Leader Badge
    G2 High Performer Europe Badge