Announcing SOC 1 Type 2 Compliance at Campfire
Campfire is Now SOC 1 Type 2 Compliant
We're excited to share that Campfire has officially achieved SOC 1 Type 2 compliance — a major milestone that reinforces our commitment to supporting customers at every stage of growth, from startup to IPO.
“This certification isn’t just a badge, it’s a promise. A promise that Campfire has the systems, controls, and internal processes in place to support the rigorous standards required by publicly traded companies and those preparing to go public.” — John Glasgow, CEO and Founder at Campfire
Why SOC 1 Type 2 Matters
Security and data integrity are foundational at Campfire. That’s why we invested early in the internal controls and operational discipline required for SOC 1 compliance — to ensure we can serve our customers with the trust, confidence, and transparency they deserve.
This achievement is especially important for:
Enterprise confidence – Your systems are backed by independent, audit-grade controls.
Customer reassurance – Clients know their sensitive data is handled with care, accuracy, and protection.
Growth readiness – Whether you’re preparing for your first enterprise deal or getting ready to go public, we’ve got your back.
What is SOC 1 Type 2?
SOC 1 Type 2 is an attestation report that evaluates how well a company’s internal controls operate over time. Unlike a Type 1 report, which offers a snapshot at a single point in time, a Type 2 report verifies the effectiveness of those controls over a period of several months.
This certification validates that Campfire has designed and implemented controls that meet the highest standards for service organizations impacting financial reporting and sensitive data.
What It Assesses
A SOC 1 Type 2 report examines internal controls relevant to financial reporting and how data is managed, focusing on these key areas:
Security: Protection of systems against unauthorized access.
Availability: Assurance that systems are available for operation and use.
Processing Integrity: Ensuring system processing is complete, accurate, timely, and authorized.
Confidentiality: Protection of confidential information.
Privacy: Protection of personal information collected, used, and disposed of by the organization.
Key Characteristics
Time-based: Evaluates effectiveness over a sustained period, not just a snapshot in time.
Tests effectiveness: Goes beyond describing controls to validate how well they actually work in practice.
Provides reassurance: Serves as an independent, timestamped record that builds trust with customers, partners, and boards.
Drives sales: Many enterprise customers require SOC 1 Type 2 compliance to prove that vendors can be trusted with their data.
Access the Report
Current and prospective customers can request access to our SOC 1 Type 2 report by reaching out to [email protected].
What’s Next
If you have questions about our security practices or what this means for your business, don’t hesitate to reach out to [email protected], we’d love to connect.
Additional Product Updates
Alongside our compliance milestone, we’re continuing to improve the Campfire platform:
Reporting updates – Navigate reports more easily with frozen headers, improved date selectors, and scrollable tables.
Updated Vendor 2.0 – New vendor records now include detailed transaction histories and additional prebuilt fields for greater visibility.
Product-level tags and departments – Automatically carry a product’s department and tags to AR lines during invoice creation. Update this in Settings > Products & Services.
Multi-select in reports – Custom reports and data lists now support multi-select for parent and child departments and entities.
Ramp sync enhancements – Bills synced with Ramp stay in sync—status changes in Ramp will automatically reflect in Campfire.
Read more about our recent product updates here.
