<img src="https://ws.zoominfo.com/pixel/615750b99f3554001334ec79" width="1" height="1" style="display: none;">
Security & Compliance

Enterprise-level security and compliance

Suralink inherently understands the importance of data security and has built enterprise-level security into every aspect of the platform.

Talk to Sales
wipfli marum sikich uhy berdon
  • wipfli
  • marum
  • sikich
  • uhy
  • berdon

Protecting sensitive client data

You and your team handle sensitive client information every day, including financial, personal, payment data, and more. Ensuring that data remains secure is critical for both your clients’ and your business’s long-term success.

Multi-factor authentication

Inactivity time-out

Encrypted third-party access

Access restriction by role or engagement

SSL AES 256-bit encryption

SOC1, SOC2, and SOC3 compliant data centers


File security

Encryption for the modern business

All documents that are uploaded into Suralink are always secured with AES-256 bit encryption. Client organization names, engagement names, and all comments between users are treated as sensitive and are also encrypted at rest with AES-256 bit encryption.

Recovery, backup, and audit logs

Accidents happen and sometimes you need to review, recover, or audit your data. To that end, all data stored in Suralink is encrypted and backed up offsite daily. A two-stage “click then confirm” deletion system prevents accidental data deletions. And an audit trail logs all activity in the system by username and IP address.

Rigorous third-party testing

To ensure the highest levels of security, we perform vulnerability and penetration security tests on a regular basis. These include internal and external scans from multiple third-party experts.

Privacy controls

Privacy policy

We believe that you own your data, which means we are dedicated to keeping it private. You can read our privacy policy to better understand how and when we collect your data and how we protect it.

Cookie policy

Cookies are delicious in real life, and digitally they help us make you more efficient. You can read our entire cookie policy, how and why we use cookies, and what rights you have to control our use of them.

Account integrity

Password requirements

Remembering 20 different passwords for 20 different applications is hard. But that’s no reason to be lax about security. Suralink has strict password requirements to ensure every login is as secure as possible.

Two-factor authentication

Suralink offers all users the option to use third-party mobile authenticators to protect their account. Administrators can also require team members to have two-factor authentication enabled.

Session inactivity and timeout

Every Suralink account is protected by session inactivity and timeout protocols. If you’ve been inactive for too long, we’ll log you out automatically to protect your data and ensure no one else can access your account.


Meeting data security standards across industries

Whether you work with clients in the healthcare or retail industries, the financial sector or high tech, we’re compliant with the latest rules and regulations. You can feel secure knowing that our data privacy protections meet the most stringent compliance standards.





Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.


The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents. Suralink currently adheres to all CCPA requirements.


The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Suralink is currently compliant with GDPR guidelines.


Secure File Sharing

Secure File Sharing also comes with additional security features unique to the challenges it solves, including:

Learn More

Link invalidation

Invalidate any link at any time

File Expiration

Files expire and cannot be accessed after 30 to 90 days depending on your preferences

Link regeneration

Regenerate your personalized link at any time

Live Support

Live support during business hours so you can quickly and easily get answers to questions.