Timely is now SOC 2 compliant. For a company built with data security and data privacy as core values, this is a milestone we have worked toward since day one.

Every district that works with Timely is trusting us with the data of their students, and we don't take that responsibility lightly. Every technical decision, every process, and every vendor relationship we've entered into has reflected our belief that this trust must be earned.

What SOC 2 Means

Service Organization Controls (SOC) is a framework developed by the American Institute of Certified Public Accountants (AICPA) specifically to provide assurance over how organizations retrieve, store, process, and transfer data. We worked with Advantage Partners as our auditing firm and used Vanta as our compliance platform throughout the process. Together, they reviewed our systems, our processes, our people practices, and our policies to verify that we're doing what we say we're doing.

The scope is comprehensive, touching every part of a company's operation:

• Technology environment: the security of servers, cloud infrastructure, and how data is stored and protected

• Operational practices: how employees are onboarded and offboarded, and what access controls are in place

• Change management: how software changes are reviewed and safely deployed

• Incident communication: established processes for responding to security events

• Risk assessment and monitoring: how we identify, evaluate, and track potential threats to our systems and data on an ongoing basis

• Physical access and device security: ensuring company devices are managed and monitored appropriately

When we founded Timely, we elevated data security as a foundational principle because we always knew the weight of the data we'd be entrusted with. We've integrated security practices directly into our development lifecycle so that protection is always at the forefront of how we build. At the same time, we know that the security landscape is constantly shifting. We are deeply committed to continuing to build on our security practices through ongoing audits, continued investment in our security infrastructure, and a team that treats trust as something earned continuously.

To every district and partner who works with us: thank you. Achieving SOC 2 compliance is a milestone we're proud of, and what it really represents is a third-party validation of a commitment we've held since day one. The protection of your data, and the data of your students, is the highest priority for our team. The trust you extend to us is an honor. We don't take it for granted, and we never will.