Software

Sturdy announces SOC 2 Type II security compliance certification

By Joel Passen, July 11, 2022

It's official: Announcing our SOC 2 Type II Report

Shortly after launching Sturdy, we started our SOC 2 certification process. A SOC 2 report is for service organizations that hold, store, or process the information of their users. You can read more about it here.

Late last year, we obtained our SOC 2 Type I report. This represents a "snapshot", indicating that we have robust controls in place to ensure the security and availability of our customers' data.

Today, we are announcing that Sturdy has obtained a SOC 2 Type II report. This is the most comprehensive SOC protocol, and it attests not only to the suitability of our processes and systems, but also to our operational effectiveness in adhering to those controls over a period of time.

The full writeup describes our suite of controls for securing and handling customer data, including:

  • System monitoring and ongoing risk assessments
  • Internal access control to production environments
  • Disaster recovery, data backup, and incident response processes
  • Communication of changes to customers
  • Employee on-boarding and termination processes

We're proud of this report. It is a reflection of our dedication to security and the product of many months of hard work from our team, particularly Eric Weidner. Our commitment to security is about more than checking a box: every day we make sure that our systems and processes are worthy of the important data our customers trust us with.

Sturdy is a data-centric system of intelligence for post-sales teams. Working with data, including some of our customers' most sensitive information, is what we do. We work to earn their trust by putting security and privacy front-and-center. This includes industry-leading controls, data minimization, and a secure-by-design architecture. Perhaps most importantly, we have built a security-conscious culture from Day 1: everyone at Sturdy knows that we solve for security first. You can read more about our processes and approach below.

Security Program

At SturdyAI, the security and integrity of our customers' information is of utmost importance. Therefore, Sturdy has developed and maintains a comprehensive Information Security Management program to manage risks to the security, availability, confidentiality, integrity, and privacy of Sturdy systems and products. Our program has been independently audited and certified to meet the requirements of Trust Services Criteria SOC 2 Type II.

Privacy

Sturdy products utilize customer communication data to detect important signals, and that data may include private information such as names and contact information. To protect the privacy of this information, we maintain policies and processes to comply with data privacy regulations such as CCPA and GDPR and to help our customers comply with their obligations as the controllers of this data. Please see the Sturdy privacy policy for more information on data privacy practices and controls.

Infrastructure

Sturdy utilizes Amazon Web Services (AWS) as the Infrastructure-as-a-Service hosting provider. All data is stored in AWS data centers located in the United States. Communications into our services are encrypted-in-transit and data is stored encrypted-at-rest using industry standard encryption mechanisms. Web application firewalls and network management tools such as VPCs, private subnets, and security groups are used to manage the flow of information and access between services. Infrastructure services are defined, managed, and deployed with Infrastructure-as-Code orchestration tools for consistent and repeatable systems. Tenant data is isolated in separate systems, and production systems are kept in restricted access accounts separated from the development environments. Third-party penetration testing is conducted annually.

Questions about Sturdy's security program? Contact us at security@sturdy.ai.

Similar articles

Software

Have you heard this from your CEO?

Joel Passen, April 29, 2025

"How are we using AI internally?"

The drumbeat is real. Boards are leaning in. Investors are leaning in. Yet, too many leaders hardly use it. Most CS teams? Still making excuses.

🤦🏼 "We’re not ready." Translation: We don't know where to start, so I'm waiting to run into someone who has done something with it.

🤦🏼 "We need cleaner data." Translation: We’re still hoping bad inputs from fractured processes will magically produce good outputs. Everyone's data is a sh*tshow. Trust me.

🤹🏼‍♂️ "We're playing with it." Translation: We have that one person messing with ChatGPT - experimenting.

😕 "Just don't have the resources right now." Translation: We're too overwhelmed manually building reports, wrangling renewals, and answering tickets forwarded by the support teams.

🫃🏼 "We've got too many tools." Translation: We’re overwhelmed by the tools we bought that created a bunch of silos and forced us into constant app-switching.

🤓 "Our IT team won't let us use AI." Translation: We’ve outsourced innovation to a risk-averse inbox.

It's time to put some cowboy under that hat 🤠 . No one’s asking you to rebuild the data warehouse or perform some sacred data ritual. You don’t need a PhD in AI.

You can start small.

Nearly every AI vendor has a way for you to try their wares without hiring a team of talking heads to perform unworldly 🧙🏼 acts of digital transformation.

Where to start.

✔️ Pick a use case that will give you a revenue boost or reveal something you didn't know about your customers.

✔️ Choose something that directs valuable work to the valuable people you've hired.

✔️ Pick something with outcomes that other teams can use.

Pro Tip: Your CEO doesn't care about chatbots, knowledgebase articles, or things that write emails to customers.

What do you have to lose? More customers? Your seat at the table?

CX Strategy

Talent gets you started. Infrastructure gets you scale.

Joel Passen, April 29, 2025

We obsess over hiring A-players. But even the best GTM talent will flounder if the foundation isn’t there.

I’ve seen companies overpay for “rockstars” who quit in 6 months—not because they weren’t capable, but because they were dropped into chaos. No ICP. Bad data. No process. No enablement. No system to measure or coach.

Great GTM teams aren’t built on purple squirrels. They’re built on a strong foundation.

That foundation looks like this:

✅ A crisp, written ICP and buyer persona (not just tribal knowledge)

✅ Accurate prospect data to target the right ICP

✅ A playbook that outlines how you win—and how you lose

✅ A clear point-of-view that your team can rally around in every email, call, and deck

✅ Defined stages, handoffs, and accountability across marketing, sales, CS

✅ A baseline reporting system to see what’s working—and what’s not

When this exists, you can onboard faster, coach better, and scale smarter. It's not easy, and it’s not sexy, but it works.

Want to cut CAC and increase ramp speed? Start with your infrastructure. Hire into a structure.

Software

The Three Biggest Problems Facing B2B SaaS in 2025

Joel Passen, April 29, 2025

Most B2B SaaS companies still operate like it's 2020. Everything changed: customer expectations, growth efficiency, and competitive dynamics have flipped.

Here’s what’s changed:

Net-New Growth is Slowing: Recent benchmarks show it’s not just a feeling—it's a trend. The 2024 SaaS Capital Performance Metrics Benchmark report notes a pivot from "growth at any cost" to "lower growth at reduced efficiency," with CAC Ratios, Payback Periods, and Net Revenue Retention all trending in the wrong direction. The biggest slowdowns? Private SaaS companies in the $10-$20M ARR range, where growth rates dropped sharply from 2022 to 2023.

Real-Time Expectations: Today’s customers don’t wait for a QBR. They expect immediate action when things go wrong—or when their needs change. When ignored, they escalate quickly. If your team is still relying on survey responses or notes from a quarterly meeting, you’ve already lost.

Lower Switching Costs/More Competition: SaaS is saturated. Data portability, budget flexibility, and competitive pricing mean your customers can and will leave. Loyalty isn't dead—it just has to be earned every day.

The old playbooks are outdated. In the past, churn was a problem you could try to fix before renewal. Now? It’s a daily risk.

📌 The solution isn’t more headcount (flesh) or more software (abstraction layers). It’s visibility and intelligence/insights. Businesses need knowledge that uncovers what customers are actually saying—across every channel/silo—and turns it into action before the renewal is at risk.

The playbook is changing fast. AI is raising the bar by transforming how teams detect real-time revenue threats, identify cross-sell opportunities, and respond to customer signals/behaviors beyond just login/usage data, opinions, and surveys. The delta between AI-powered companies and everyone else is widening very fast.

SaaS teams that win in 2025 will focus on minding GRR, stop reacting to churn, and start preventing it.

How many customers will you have to lose before you try Sturdy?
