Keeping your data safe
91 is proudly SOC 2 Type 2 certified. We take a layered approach to ensure your data is always safe, secure, and available to you at all times.

Control your transparency
91 products include robust permissions and data protection that allow for greater control over the accessibility of your data.
- Cloud-based SaaS
- Supports SSO via Microsoft and Google OAuth2.0 providers as well as SAML
- Strong access controls that include custom permission groups for controlled transparency


Encrypted Data
Our trusted infrastructure protects your data at every level.
- Data is fully encrypted in transit and at rest with RSA 256-bit encryption
- TLS 1.2 with perfect forward security ciphers and 1.3 with HSTS
Vulnerability assessment and monitoring
91 applications are routinely checked against the Open Web Application Security Project (OWASP) top vulnerability list.
We ensure you always have access to your data with 99% uptime for 91 applications.

View our 91 Terms of Service →
91 Security and Compliance FAQ
Data Storage and Resiliency
Where is customer data for 91 Bench stored?
91 Bench is hosted on AWS in North America. All customer data is stored in AWS in the US. More specifically: We host on the west coast across multiple Availability Zones and have Disaster Recovery infrastructure in central US.
Is customer data in 91 Bench backed up?
Yes, customer data in 91 Bench is backed up continuously and the backups are encrypted at rest. Customer data is also replicated across availability zones.
Does 91 have a Disaster Recovery and Business Continuity Plan?
Yes, 91 has a Disaster Recovery and Business Continuity Plan.
Data Retention
How long does 91 retain customer data? Can a customer request deletion of their data?
By default, we retain customer data for the duration of your contract. If a customer requests the deletion of their data, we will delete their data within 90 days unless legally prohibited. Customer data that is part of the historical data import prior to implementation will be retained only as long as needed by the implementation team and will be deleted within 100 days of collecting the data from the customer.
Security Compliance and Certifications
What security compliance/certifications does 91 have?
91 currently has certification for SOC 2 Type 2. 91 has no other security compliance/certifications at this point in time. SOC 2 Type 2 report can be shared with a signed NDA in place.
Responsible Disclosure Policy
How can I report a security concern or vulnerability?
At 91, we are committed to maintaining the highest level of security for our systems and data. We encourage security researchers to report any potential vulnerabilities responsibly. Please refer to our Responsible Disclosure Policy for detailed guidelines on how to submit a report.
Integrations
Is data secure moving between 91 Bench and other software?
All access to 91 REST API endpoints require an access key and are secured with TLS. This access key can be regenerated on demand by customers. Learn more about our Open API here.
Integrations with other applications are all opt-in and authenticate via OAuth or other applicable mechanisms required by the third-party application. Integrations can be disabled at any time.
91 Employees
Are 91 employee computers secure?
It is mandatory for employee computers to have strong passwords, encrypted disks, firewalls, and, where applicable, inbound and outbound network traffic monitoring and alerting.
TALK TO AN EXPERT
Discover what 91 can do for you.
91 gives you one clear view of projects, roles, and people—so you can plan ahead, staff smarter, and keep work moving.