Security & Compliance

Enterprise security.
Built into everything.

Sherpa is built for organizations where data security and regulatory compliance are non-negotiable. Sport is trust — and our infrastructure reflects that.

Trust Architecture

Certifications & compliance standards

SOC 2 Type II

Annual third-party security audits verifying our controls for security, availability, and confidentiality.

FERPA Compliant

Student-athlete educational records are protected in full compliance with the Family Educational Rights and Privacy Act.

NCAA Ready

Built to meet NCAA compliance documentation and data handling requirements across all divisions.

256-bit Encryption

All data encrypted at rest and in transit using AES-256 and TLS 1.3 — industry-leading encryption standards.

Full Audit Trails

Every action, approval, and data change is logged with immutable audit records for complete organizational visibility.

99.9% Uptime SLA

Mission-critical infrastructure on Microsoft Azure and Google Cloud with multi-region redundancy and disaster recovery.

Security Practices

Security designed for enterprise sports organizations.

Sherpa's security posture is designed for the highest-stakes sports organizations — where data breaches, contract leaks, and compliance failures carry real reputational and legal consequences.

Talk to our security team
Role-based access control (RBAC) with granular permission levels
Multi-factor authentication (MFA) required for all users
Single Sign-On (SSO) integration via SAML 2.0 and OAuth 2.0
API key management with rate limiting and request logging
Automated vulnerability scanning and penetration testing
Data residency options for regional compliance requirements
Zero-trust network architecture for internal access controls
Incident response plan with 4-hour notification SLA
Annual employee security training and background checks
Data retention and deletion policies aligned to GDPR

Built on enterprise cloud infrastructure

Sherpa runs on Microsoft Azure and Google Cloud with multi-region deployment, automated failover, and continuous monitoring.

Microsoft Azure
Microsoft Azure
Google Cloud
Google Cloud
AWS S3
AWS S3 (Backups)
Cloudflare
Cloudflare (Security)
Stripe
Stripe (Payments)
Microsoft Azure
Microsoft Azure
Google Cloud
Google Cloud
AWS S3
AWS S3 (Backups)
Cloudflare
Cloudflare (Security)
Stripe
Stripe (Payments)
Microsoft Azure
Microsoft Azure
Google Cloud
Google Cloud
AWS S3
AWS S3 (Backups)
Cloudflare
Cloudflare (Security)
Stripe
Stripe (Payments)