Trust Center

    Security and compliance you can verify.

    Silent Witness handles crash photos, claim files, and legal evidence. We treat that data with the same scientific rigor we apply to a reconstruction. Our live trust center, monitored continuously through Vanta, hosts current attestations, policies, and security documentation.

    How we protect customer data.

    SOC 2 program

    Continuous controls monitoring across security, availability, and confidentiality, evidenced through Vanta and reviewed by independent auditors.

    Encryption in transit and at rest

    TLS 1.2+ for every connection. AES-256 for data at rest. Customer photos and reports are isolated per case and purged on request.

    Access controls

    Least-privilege role-based access, SSO for enterprise customers, MFA required for all internal accounts, and full audit logging on production systems.

    Hardened cloud infrastructure

    Runs on SOC 2 and ISO 27001 certified cloud providers with private networking, automated backups, and 24/7 infrastructure monitoring.

    Vendor and subprocessor review

    Every subprocessor that touches customer data is reviewed for security posture, data residency, and contractual safeguards before production access.

    Privacy by design

    Customer evidence is never used to train models. PII handling follows our Privacy Policy, and we honor verified deletion requests within 30 days.

    What's in the trust center.

    The trust center is the source of truth for our current security posture. Sign in to request access to specific documents under NDA, monitor controls in real time, and subscribe for updates.

    SOC 2 Type II report

    Independent auditor's report covering security, availability, and confidentiality. Available under NDA via the trust center.

    Penetration test summary

    Most recent third-party penetration test attestation and remediation summary.

    Information security policies

    Access control, incident response, change management, and business continuity policies.

    Subprocessor list

    Current list of subprocessors with data scope and processing locations.

    Report a vulnerability.

    If you believe you have found a security vulnerability in any Silent Witness product or service, we want to hear from you. Email security@silentwitness.ai with reproduction steps and your contact information. We acknowledge reports within two business days and coordinate disclosure with researchers in good faith.

    For privacy questions, data subject requests, or processing agreements, see our Privacy Policy.

    See it for yourself.

    Our live trust center, powered by Vanta, shows current control status, attestations, and policies. Request documents directly from the portal.