Built on a foundation of trust.
Heeler scans your code, your dependencies, and the artifacts your AI agents read. We treat that access with the seriousness it deserves — SOC 2 certified, with a public Trust Center where the full set of controls and attestations lives.
SOC 2 Type II Certified
Our complete posture lives at trust.heeler.com.
Controls, attestation reports, sub-processor list, security practices, and the latest changes are all documented there — always current, always public. Pull anything you need for your vendor review.
How we think about your data.
Three principles guide everything Heeler does with the code and context you connect to us.
Least access, by default
Heeler reads only what's needed to do its job — metadata, dependency graphs, code structure. Read-only access where possible. We don't ask for what we don't need.
Source code stays where it lives
The CLI runs offline for secret detection — source never leaves the developer's machine. For platform scanning, Heeler analyzes structure and dependencies, not full source dumps.
Transparency over hand-waving
Every control, sub-processor, and incident lives at our public Trust Center. If you need something for a vendor questionnaire, it's already there — no NDA required to read it.
Need something specific for your vendor review?
SOC 2 report, sub-processor list, security questionnaire response — it's at trust.heeler.com. If it's not, we'll get it to you fast.
