Trust is the foundation for every great partnership.

At Assemble, we measure our impact by the trust our customers have in us. A key aspect of our customers’ trust is ensuring that their sensitive data is safe, secure, and in compliance with applicable regulation.

We are committed to maintaining the highest standards of security, privacy, and compliance, and to ensuring that these practices are transparent and clearly explained to our customers.

If you have any questions about trust at Assemble, please send us an email at

Enterprise-Grade Security
& Privacy Standards

Assemble will never sell your personal information and processes any EEA-based personal data in accordance with our Data Processing Addendum and the standard contractual clauses (SCCs). See our Privacy Policy for more information.
SOC 2 Type 2
We work with an independent auditor to maintain SOC 2 Type II compliance. We are happy to provide our most recent SOC 2 Type II report to our customers upon request.

Enable your team with confidence and security.


Assemble Foundations enables best-in-class security for collaboration workflows within your organization. Enterprise-grade Role-Based Access Control (RBAC), Single-Sign-On (SSO) authentication, and in-product data protection ensure you can share sensitive compensation information easily according to a user’s privilege.
Assemble helps you eliminate risky data management practices for sensitive compensation information. No more triple-checking one-time data shares, sending spreadsheets over email, or fat-fingering the wrong numbers.


Principle of Least Privilege
Our customer’s data is incredibly sensitive. We apply the principle of least privilege to ensure maximum data confidentiality. All access to production systems and customer data is limited to employees with a specific business need.
Robust Access Control
Access to all internal systems requires multiple authentication factors, including context-aware access control for administrative access.
Annual Penetration Testing
In addition to our Responsible Disclosure program, we conduct rigorous annual penetration tests with best-in-breed independent security firms.

For more information, please see our Security Controls.


We encrypt all sensitive data both at rest and in transit using robust, industry-leading encryption algorithms.
Network Security
Our production environments run in an isolated Virtual Private Cloud network with only necessary services enabled. External administrative access is mediated through context-aware access control proxies.
Cloud-Native Security
We’ve built our infrastructure from the ground up for security. We use declarative, immutable infrastructure and have adopted services and tools that help us minimize risk across our technology stack.
Commitment to Continuous Innovation
Assemble’s security team continuously evaluates our security controls and monitors employee devices, cloud environments, and networks for malicious activity.

Our team has hands-on experience building and operating security products in the U.S. Intelligence Community and the private sector, and we are committed to maintaining the highest standard of enterprise security available. We are continuously evaluating best-in-class security practices and technologies to remain state-of-the-art.
disclosure POLICY

Responsible Disclosure Policy

If you believe you've identified a security vulnerability in Assemble's service, please email Our security team promptly investigates all reported issues.

Empower your people with Assemble

Next-generation compensation management. Assembled with building blocks driven by your policies and beliefs.

Request A Demo