Trust is the foundation for every great partnership.

Empower your organization to make better compensation decisions by granularly sharing the right data with the right people, in accordance with your organization’s transparency policies.

Assemble UI shot

Enterprise-Grade Security & Privacy Standards

Assemble will never sell your personal information and processes any EEA-based personal data in accordance with our Data Processing Addendum and the standard contractual clauses (SCCs). See our Privacy Policy for more information.

SOC 2 Type 2
We work with an independent auditor to maintain SOC 2 Type II compliance. We are happy to provide our most recent SOC 2 Type II report to our customers upon request.




Enable your team with confidence and security.

Assemble Foundations enables best-in-class security for collaboration workflows within your organization. Enterprise-grade Role-Based Access Control (RBAC), Single-Sign-On (SSO) authentication, and in-product data protection ensure you can share sensitive compensation information easily according to a user’s privilege.

Assemble helps you eliminate risky data management practices for sensitive compensation information. No more triple-checking one-time data shares, sending spreadsheets over email, or fat-fingering the wrong numbers.

Assemble UI shot


  • Principle of Least Privilege: Our customer’s data is incredibly sensitive. We apply the principle of least privilege to ensure maximum data confidentiality. All access to production systems and customer data is limited to employees with a specific business need.
  • Robust Access Control: Access to all internal systems requires multiple authentication factors, including context-aware access control for administrative access.
  • Annual Penetration Testing: In addition to our Responsible Disclosure program, we conduct rigorous annual penetration tests with best-in-breed independent security firms.

    For more information, please see our Security Controls.


  • Encryption: We encrypt all sensitive data both at rest and in transit using robust, industry-leading encryption algorithms.
  • Network Security: Our production environments run in an isolated Virtual Private Cloud network with only necessary services enabled. External administrative access is mediated through context-aware access control proxies.
  • Cloud-Native Security: We’ve built our infrastructure from the ground up for security. We use declarative, immutable infrastructure and have adopted services and tools that help us minimize risk across our technology stack.
  • Commitment to Continuous Innovation: Assemble’s security team continuously evaluates our security controls and monitors employee devices, cloud environments, and networks for malicious activity.

    We are continuously evaluating best-in-class security practices and technologies to remain state-of-the-art.

Responsible Disclosure Policy

If you believe you've identified a security vulnerability in Assemble's service, please email Our security team promptly investigates all reported issues.

Empower your people
with Assemble

Assemble UI shot