Security at Alpaca

Here at Alpaca, we take security seriously. We have implemented industry best practices to ensure your data remains secure on our platform.

AICPA SOC for Service Organizations GDPR


Alpaca adheres to the ISO 27001:2013 standard and undergoes annual SOC 2 Type 2 assessments against all 5 trust services criteria, Security, Confidentiality, Availability, Integrity, and Privacy.

Further, Alpaca complies with GDPR and UK’s ICO Data Protection programs to ensure the privacy and security of all personal data collected and/or stored.

Achieving the SOC 2 Type 2 attestation and being independently verified, assures that Alpaca has an effective Security and Privacy program.


Alpaca’s infrastructure is built on top of Google Cloud Platform which is built on a secure-by-design foundation and has attained several security and privacy certifications and attestations including ISO 27001, SOC 1, SOC 2, PCI DSS, and is compliant with GDPR.

For more information, click here to access Google’s Trust Center.

We have established a robust multi-layered network ecosystem utilizing Google's infrastructure to ensure the constant availability and protection of our applications and data. The access to our infrastructure and data is regularly reviewed to ensure only authorized personnel gain access. Along with rigorous security measures, we maintain the availability of the data we gather by performing comprehensive daily backups that are stored offsite, and these backups are tested daily to ensure their integrity.

Alpaca operates under a Zero Trust architecture, a security model that emphasizes the importance of verifying every access attempt to our network, applications, and data, regardless of the user's location or affiliation.

Access to our infrastructure requires strong credentials and two-factor authentication.

Data Handling and Encryption

Alpaca takes the handling of confidential data very seriously, implementing a series of robust measures to ensure its protection and maintain the trust of our clients and stakeholders. These measures include:

Vulnerability Disclosure and Bug Bounty Program

We actively cooperate with global security researchers to detect and address security weaknesses within our platform. If you suspect that you've discovered a security flaw, please submit a request to our support team at to be invited to our bug bounty program where you may be rewarded if we confirm the issue to be valid and aligns with our bug bounty policy. If you would like to encrypt your email back to us please use the public key found below.

Click here for further information on Alpaca’s Security program.

Download Public Encryption Key