For now, n8n is being reviewed and developed for some internal non-critical business automations. Using NODE, we have concerns about large data and about using it for mission-critical operation automations. Our feedback or question is: does n8n have any data certification, such as a SOC Type 1 or 2 certification, with the Enterprise version, so we can give our investors confidence that our data is protected? And if not, is this a consideration or goal for the future of n8n?
We are actually in the process of becoming SOC 2 Type 2 compliant right now. We are in the middle of the audit window.
Hi @jan – can you confirm that n8n is currently SOC 2 compliant? I see it on your home page, but it’s unclear if that is just for the enterprise plan.
Hey @jgbratch,
Welcome to the community
SOC 2 is an interesting one: it doesn’t apply to a specific application, and it is more around the controls and processes put in place by the organisation that creates / manages it. So in our case, as a company we are going through the SOC 2 compliance process, and I believe our testing phase is over and we should have the completion report soon, but this does not mean that n8n the application, when self-hosting either the community or enterprise version, is compliant.
But if you were to use Cloud for Enterprise or one of our normal plans the way we manage that environment and handle the data is done in a way that will be SOC 2 compliant.
Hopefully this helps
Okay, great. That is helpful. Our company is currently going through the SOC2 compliance process as well (I feel your pain!) and we need to ensure that all third-party tools that touch the database handle the data in a SOC2 compliant way. So it sounds like we are good with n8n.
Hey @jgbratch,
I would say you should be OK. Are you planning to use Cloud or self-host?
@Jon cloud
Any updates on the Soc2T2 cert?
I’m not associated with n8n, but it looks like they achieved their SOC2 cert – the report’s only for enterprise customers, though. See n8n Legal
As others have mentioned, SOC2 is about the organization’s controls, not the application itself – so a cloud plan on n8n would meet the criteria, but this doesn’t mean anything when it comes to self-hosting.