cataas.com

D-
Conditional · 62/100
Shows significant security gaps that need urgent attention. Positive signals: TLS Configuration, Cookie Security, and TLS Protocol Support all passed. 7 action items identified, including 1 critical. The issues point to real architectural gaps, not just configuration tweaks. A focused remediation effort of 2–5 days could address all findings.
Trust Score Trend
→ No change 1 scan · Last scanned July 08, 2026
Score
100 75 50 25 0
D-
cataas.com
62/100
Compliance & Certifications
Not yet verified
SOC 2 TYPE II
SOC 2 Type II
Audit report not on file
3rd party · AICPA
Pro subscribers only
ISO 27001
ISO 27001
Certificate not on file
3rd party · accredited body
Pro subscribers only
GDPR
GDPR
DPA not on file
Self-reported
Pro subscribers only
CCPA
CCPA
Privacy policy not on file
Self-reported
Pro subscribers only
Incident History
None in 12 months
March 2026
ChatGPT data exposure
1 source
Resolved
Pro subscribers only
April 2023 – Feb 2026
ChatGPT data exposure
1 source
Resolved
Pro subscribers only
Security Posture
7 items need attention
8 passed
0 of 1 fixed
All 1 critical issue marked as fixed
Re-scan to confirm and update your score.
Turn on email authentication (SPF, DKIM, DMARC)
DMARC / Email Security
1–2 days

This exposes customers, partners, and employees to phishing attacks that impersonate your brand. Right now, anyone can send an email that looks like it came from [email protected] — no password or hack required. This is how the vast majority of phishing scams that impersonate a company work, and it can damage your reputation with customers even though your systems were never touched. Missing: DKIM.

NIST CSFPR.AC-7
Email authentication is a required access control
ISO 27001A.13.2.1
Information transfer policies require email security controls
HIPAA§164.312(e)
Transmission security for electronic PHI
How to fix this
1Turn on DKIM signing — look for "DKIM" under your email provider's admin/security settings. It will generate a record for you to paste into the same DNS settings above.
2After 2–4 weeks, check the DMARC reports for anything legitimate that got flagged, then tighten the policy from quarantine to reject.
Report unlocked.
View all 8 passed checks
TLS Configuration
Cookie Security
TLS Protocol Support
Known Breaches
CVE Exposure
Certificate Hygiene
MX Records & Mail Provider
Subprocessors & Tech Stack
Company Signals
Claim profile →
Operational risk
Low
11 yrs operating. Well-funded
Lynxradar · Composite signal
Last funding
$40B
Series F · Mar 2025 · SoftBank-led
Crunchbase ↗
Employees
~3,000
+40% YoY growth
LinkedIn ↗
Trust Resources
Claim profile →
Trust Center
trust.cataas.com ↗
Security page
cataas.com/security ↗
Privacy Policy
cataas.com/privacy ↗
DPA (Data Processing Agreement)
cataas.com/dpa ↗
Updated recently
Subprocessors List
cataas.com/policies/subprocessors ↗
Similar companies
Appears in
Claim profile →
SOC 2 Type II certified vendors
847 companies · Updated weekly by LynxRadar
Track
ISO 27001 certified SaaS
312 companies · Updated weekly by LynxRadar
Track
Top AI vendors by trust score
94 companies · LynxRadar ranking
Track
Enterprise-ready SaaS · Trust score A or above
203 companies · LynxRadar ranking
Track