Built to be audited, reviewed, and trusted.
Nick Says is used by Valuation Designees at public and private companies to produce audit-ready documentation. That role demands a platform with the same discipline our customers apply to their own fair value work — SOC 2 Type I posture, encrypted storage, two-factor authentication, and strict access controls, with independent evidence available in our live trust center.
Our Trust Center — hosted by Delve.
Procurement, security, and audit teams can request our SOC 2 report, review our policies, and see the status of our controls — without an NDA email chain.
SOC 2 Type I
Nick Says operates under SOC 2 Type I controls covering security, availability, and confidentiality. Current attestation reports are available through the trust center.
Encrypted at rest and in transit
Customer data is encrypted at rest and in transit using industry-standard algorithms. Credentials and secrets are stored in a dedicated secrets manager with strict access controls.
Two-factor authentication required
Two-factor authentication is enforced for all user accounts. Administrative access is role-scoped, logged, and reviewed on a periodic cadence.
Your data, yours alone
Customer data is never shared, sold, or used to train models. Full export is available at any time. Retention and deletion requests are handled under our published policy.
Read-only seats, always included
Every subscription includes a read-only auditor seat. Auditors can review source data, methodology, and evidence without elevated permissions or ad-hoc credential sharing.
Documented response plan
We maintain a written incident response plan with defined roles, communications, and customer notification commitments. The plan is exercised periodically and updated after each review.
Need something specific — a signed DPA, a security questionnaire response, or details that aren't in the trust center? Contact the team and we'll respond within one business day.
Trust Center