Trust

Security at Theora

We treat the security of customer data as foundational. This page summarises the controls and practices that protect the Service.

Last updated: 29 May 2026

Encryption

Access control

Infrastructure

Compliance

Theora is actively pursuing SOC 2 and maintains a documented information security program covering access management, change management, incident response, and vendor risk. Documentation is available to customers under NDA on request.

Vulnerability disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability, please email security@theorahq.com with details and steps to reproduce. We will acknowledge your report and work with you on a resolution. Please do not publicly disclose an issue until we have had a reasonable opportunity to address it.

Bug Bounty

We do not currently operate a paid Bug Bounty program. We do, however, value and recognise responsible disclosures made through the vulnerability disclosure channel above, and we will credit researchers who report valid issues. As our security program matures we plan to formalise a Bug Bounty program.

Reporting a concern

Security questions or concerns can be sent to security@theorahq.com.