GoRefer Trust Center
Trust Center Changelog
Updated June 2026
This changelog tracks material updates to GoRefer's security practices, privacy policies, and compliance documentation. Subscribe to updates by emailing privacy@gorefer.io.
Version History
June 1, 2026
SOC 2 compliance audit — all CC1–CC9 controls verified implemented, audit logging hardened
Compliance page — SOC 2 Trust Service Criteria status updated from 'In Scope' to 'Implemented' with detailed control descriptions for all 9 categories
Compliance roadmap — SOC 2 Type II milestone updated to reflect all controls implemented, audit engagement in progress
Data export audit logging hardened — all export events now recorded in tamper-proof hash-chain audit trail (previously bypassed chain)
SOC 2 gap analysis completed — password policy configurability, automated vulnerability scanning, and session timeout enforcement identified as enhancement areas
April 4, 2026
Major Trust Center expansion — 4 new pages, hub redesign, and compliance timeline
AI Security & Governance page (/trust/ai-security) — data handling, controls, prompt injection protection
Business Continuity & DR page (/trust/business-continuity) — RPO/RTO targets, backup strategy, DR testing program
Employee & Operational Security page (/trust/employee-security) — staff controls, training program, offboarding procedures
Network Security page (/trust/network-security) — WAF, DDoS mitigation, rate limits, HTTP security headers
Trust Hub — posture scorecard with 9 domains, key stats, grouped navigation, core data commitments
Security page — HTTP security headers table and clean security incident history section
Infrastructure page — anonymized vendor names, improved backup & DR detail with cross-links
Compliance page — visual compliance roadmap timeline (GDPR → IRS 4557 → CCPA → SOC 2 Q3 2026 → ISO 27001 2027)
Subprocessors page — grouped by category, data sensitivity levels (High/Medium/Low), summary stats
Subprocessors library — added sensitivityLevel field to all 9 vendor entries
April 1, 2026
Full Trust Center launch — expanded from a single security page to a structured multi-page system
Full Trust Center at /trust/* with 15 structured pages
Dedicated Security, Privacy, Compliance, Infrastructure, and Access Control pages
Subprocessors page with vendor table (8 vendors listed)
Data Protection and Data Retention pages with structured tables
Incident Response page with P0–P3 severity levels and SLAs
Vulnerability Disclosure policy with responsible disclosure commitments
Data Processing Addendum (DPA) summary page
Penetration Testing policy page
Private Document Portal (request access for NDA-gated documents)
Security contact form (direct disclosure to security@gorefer.io)
Sidebar navigation with grouped sections and active-page highlighting
Existing /security page now redirects to /trust/security (301)
June 15, 2025
Added Security Hub details and field-level encryption documentation
Security Hub section with firm health score details
Field-level encryption list (SSN, EIN, bank accounts, driver's license)
Infrastructure section updated to reflect MongoDB Atlas migration
Added AI service providers to subprocessors list
January 25, 2025
Initial security and compliance page published
Initial security & compliance page at /security
Six security pillars: Encryption, Tenant Isolation, RBAC, Auth, Monitoring, Infrastructure
Privacy Policy (v1.0)
Terms of Service (v1.0)
Cookie Policy