Security - Wick

Overview

Wick maintains a security program designed to protect customer data, production systems, employee access, and the operational processes that support the platform. The program is managed in Vanta and reviewed through formal policies, control ownership, evidence collection, and recurring operational checks.

Our security posture is designed around practical controls: least-privilege access, strong authentication, encryption, secure development practices, vendor oversight, incident readiness, and clear ownership for security-sensitive systems.

Attestation SOC 2 Type I

Controls Managed in Vanta

Focus Customer data, platform access, and operational security

Compliance and governance

Wick's current formal third-party security attestation is SOC 2 Type I. We use Vanta to manage our compliance program, monitor control status, collect evidence, and maintain the operating system behind our security policies and procedures.

Security governance

Security policies are documented and reviewed.
Control ownership is assigned and tracked.
Security evidence is monitored through Vanta.
Exceptions and remediation work are tracked to closure.

SOC 2 Type I

Wick maintains a SOC 2 Type I report.
Security controls are organized around SOC 2 expectations.
Customer-facing security materials may be shared under appropriate process.
SOC 2 Type I is Wick's only formal security attestation at this time.

Access and application controls

Wick limits access to systems and data based on business need. Administrative access is restricted, reviewed, and removed when no longer required.

Identity and access

Multi-factor authentication is required for critical systems.
Access is granted according to least-privilege principles.
Administrative permissions are limited to approved personnel.
Access reviews and offboarding controls are maintained.

Secure development

Code changes follow review and change-management practices.
Secrets are not intended to be stored in source code.
Dependencies and vulnerabilities are monitored.
Production changes are controlled and traceable.

Data protection

Wick is designed for work that depends on sensitive audience data and proprietary knowledge. We use administrative, technical, and organizational safeguards intended to protect customer information throughout the systems that process it.

Data safeguards

Encryption is used for data in transit.
Encryption is used for data at rest where supported by the underlying platform.
Customer data access is restricted to authorized use cases.
Data retention and deletion are handled according to applicable agreements and operational requirements.

Customer data handling

Customer data is treated as confidential.
Production data access is limited and logged where appropriate.
Internal use of customer data is limited to providing, supporting, securing, and improving Wick services.
Data sharing with vendors is reviewed through vendor-management controls.

Infrastructure, monitoring, and incident response

Wick maintains operational controls for cloud infrastructure, system monitoring, backups, incident response, and business continuity. These controls are managed as part of our broader security program.

Infrastructure security

Cloud infrastructure is configured with security controls and restricted administrative access.
System configurations and production access are managed through defined processes.
Backups and recovery practices are maintained for critical systems.
Security-relevant logs and alerts are reviewed as part of operational monitoring.

Incident readiness

Wick maintains an incident response process.
Security events are assessed, escalated, and documented.
Post-incident review and remediation are tracked where appropriate.
Customer notification follows applicable agreements and legal requirements.

Vendor and employee security

Security depends on the full operating environment, including vendors, employees, contractors, and internal processes. Wick uses Vanta and internal procedures to keep these controls visible and accountable.

Vendor management

Vendors are reviewed based on the sensitivity of the systems or data involved.
Security documentation is collected for key vendors where appropriate.
Vendor access is limited to business need.
Data processing and confidentiality requirements are addressed through contracts or vendor terms.

People controls

Employees and contractors acknowledge relevant security policies.
Security and privacy training is maintained.
Device and endpoint expectations are defined for personnel with system access.
Offboarding includes access removal for company systems.

Security contact

If you have security questions, need customer security documentation, or want to report a security concern, contact Wick at sales@wick.ai. We will route the request to the right person internally.

This page is a summary of Wick's security practices. Specific commitments may be governed by customer agreements, data processing terms, security addenda, or other written agreements between Wick and its customers.

Security at Wick.