Trust center

We are delighted to share our latest Web Application Penetration Test report, which follows detailed testing conducted by CyberCX between February 5th and 21st, 2025.

The test identified five vulnerabilities rated MEDIUM and six were rated LOW.

We have commenced remediation work, focusing first on the medium-risk vulnerabilities. We commit to remediating all vulnerabilities in accordance with our published Vulnerability Management Policy.

The report is available for viewing at https://security.sapia.ai/item/pentest-report.

We are delighted to share the Sapia.ai SOC 2 Type II report for the period December 1, 2023 to November 30, 2024. This has been uploaded to the portal and is ready to view by interested parties at https://security.sapia.ai/item/soc-2-report.

Annual penetration testing of the Sapia.ai platform took place between February 2 and February 16, 2024. The results are now available in the report available in our Trust Center: https://app.safebase.io/portal?itemUid=722b9671-c0d5-4a19-a5f7-0ad8fd81307c.

Overall, the applications were found to be secure, yielding no significant security vulnerabilities that would impact the confidentiality or integrity of application data. Minor vulnerabilities raised present unlikely attack vectors or are of minor consequence. We will review these minor vulnerabilities and remediate them where necessary.

We are delighted to share the Sapia.ai SOC 2 Type II report for the period December 1, 2022 to November 30, 2023. This has been uploaded to the portal and is ready to view by interested parties.

One of our sub-processors, Atlassian, released a security advisory regarding external attackers who might have taken advantage of a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances. This allowed them to create unauthorized Confluence administrator accounts and gain access to Confluence instances.

Sapia.ai is not impacted as we solely use Atlassian Cloud sites, which are not affected by this vulnerability.

Sapia.ai has added subprocessor monday.com.

Monday.com is a project management tool used mainly by our Customer Success Team. No candidate personal data is shared. This subprocessor is only used in the administration of our business. If customers wish to collaborate with Sapia.ai in the tool, we can invite named contacts, in which case we share the customer's name and email address with this subprocessor. There is no obligation by customers to accept this invite.

Our security team has reviewed monday.com to ensure they meet our cyber security requirements. Monday.com holds ISO 27001 certifications along with SOC2 and fully complies with GDPR. Our security team continues to audit our subprocessors to ensure ongoing compliance regularly.