Cherryrise
Try Cherryrise
Product
Shared inboxLive chatEmail deliverabilityAutomation & SLAsCustomer portalAI assistIntegrations
Solutions
E-commerceSaaSAgencies
Resources
BlogChangelogDocsGlossaryCompare
Company
PricingCustomersSecurity
Sign inTry Cherryrise
Security & compliance

Built for teams whose
legal review is thorough.

The controls, certifications and data-handling commitments behind Cherryrise — documented for the people who actually read them.

SOC2
SOC 2 Type II
audited annually
ISO
ISO 27001
certified ISMS
GDPR
GDPR
DPA + SCCs

Data residency

Choose US or EU at the workspace level. Residency is enforced at write time — data never crosses the region you picked, including backups and search indexes.

Workspace isolation

Every workspace is logically isolated and fails closed: a misconfigured query returns nothing rather than another tenant’s data. Verified by automated tests on every deploy.

Roles & assigned-only mode

Granular roles plus an enforced assigned-only agent mode — agents see only their own tickets, on every surface, checked server-side, not hidden in the UI.

Audit log

Every agent and admin action is recorded with actor, timestamp and before/after state, exportable to your SIEM. Retention is configurable per workspace.

Encryption

TLS 1.2+ in transit, AES-256 at rest. Enterprise workspaces can bring their own keys (BYOK) and rotate on their own schedule.

Self-hosting

Run Cherryrise on your own infrastructure — Node, MongoDB and your AWS SES account — so the data never leaves your VPC.

Sub-processors

The vendors that process data on our behalf. We notify customers before adding a new one.

Sub-processorPurposeRegion
Amazon Web ServicesCloud hosting & email (SES)US / EU
MongoDB AtlasPrimary datastoreUS / EU
CloudflareCDN & DDoS protectionGlobal edge
StripeBilling & paymentsUS
PostmarkTransactional email fallbackUS
Trust report Request our latest SOC 2 report and pen-test summary under NDA.
Security FAQ

The questions security teams send us.

If yours isn’t here, our team will answer it in writing.

Read the docs
Where is my data stored?
You choose US or EU residency per workspace, enforced at write time including backups and search indexes. Self-hosting keeps data entirely within your own infrastructure.
How do you isolate one customer’s data from another’s?
Every workspace is logically isolated and fails closed. Access is scoped at the query layer and verified by automated tests on every deploy — a misconfiguration returns nothing rather than another tenant’s data.
Can agents be limited to only their own tickets?
Yes. Assigned-only agent mode is enforced server-side on every surface — inbox, search, reports and API — not just hidden in the interface.
Do you support SSO and SCIM?
SAML/OIDC single sign-on and SCIM provisioning are available on Enterprise, alongside a full, exportable audit log of every agent and admin action.
Can we self-host Cherryrise?
Yes. Cherryrise runs on Node, MongoDB and your own AWS SES account, so data never leaves your VPC. Enterprise includes deployment support.

Bring it to your security review.

Request the trust report, or start a 14-day trial in your own region.

Start free trial