We're actually in the process of getting SOC2 and pen tests ourselves - another benefit of a hosted offering is it can (eventually) integrate into your compliance system (e.g., vanta)
A lot of our customers are in fintech (payroll, banking, etc) so we've spent a lot of effort on our security model: https://layerci.com/security
A lot of our customers are in fintech (payroll, banking, etc) so we've spent a lot of effort on our security model: https://layerci.com/security