// Trust & Security Report
Warp (Denver Technologies, Inc.)
Warp Terminal, Warp AI / Warp Agent, Warp Drive, Oz agent orchestration platform, Warp Enterprise
Certifications held
6
Maturity
Enterprise
Trains on your data
Yes
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on warp.dev“Yes, Warp has obtained a SOC 2 Type 2 attestation from an accredited third party. Visit Warp's Trust Center to request the report.”
Verify on warp.dev“Data Processing Addendum (listed in site footer; vendor offers a DPA but no explicit GDPR certification claim found on own pages)”
Verify on trust.warp.dev“Resources ... Penetration test (listed as an available document in Warp's Trust Center alongside SOC 2 and security policies)”
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
United States (Google Cloud Platform; database locations in the US). Warp AI requests proxied to US-hosted, enterprise-level model APIs.
Warp's privacy policy lists model training as a stated purpose: 'Develop new products and Service, and improve existing products and features of the Service, including by training, fine-tuning and improving the performance of models that support our AI features.' The policy also states that when using AI features such as Active AI and Agent Mode, 'we may collect the prompts and inputs you submit and the outputs you receive. You can control our collection of these inputs and outputs at any time in your settings.' So on consumer/free plans, prompt/input collection (and potential use for improving models) is on by default but user-controllable. A Zero Data Retention (ZDR) policy is available only on the Enterprise plan, and all users can opt out of telemetry while still using AI. Enterprise admins can enforce disabling Warp AI / telemetry / secret redaction.
// Security controls
Authentication / SSO
Username+password or SSO via Google or GitHub; Enterprise can enforce SSO (e.g. Okta) and domain verification
warp.devTelemetry opt-out
All users may opt out of telemetry at any time and still use all AI features
warp.devBug bounty
No public bug-bounty program (HackerOne/Bugcrowd) found for Warp.dev terminal; security contact is security@warp.dev
warp.dev// Products & data scope
data: Local terminal app with cloud features. Prompts/inputs to AI features may be collected (user-controllable); telemetry opt-out available. No ZDR on free/Pro tiers.
Now open-source. Most consumer usage; default AI input collection is the key privacy consideration.
data: AI requests proxied to US-hosted enterprise model APIs. Prompts and outputs may be collected unless disabled. Access to multiple frontier models with permission controls.
Privacy policy lists model fine-tuning/improvement as a purpose. ZDR only on Enterprise.
data: Workflows, notebooks, shared blocks stored in GCP (US). Encrypted at rest (AES-256) and in transit (TLS 1.3).
Cloud-enabled collaboration feature.
data: Launches agents into the cloud (Warp-host or self-host). Self-hosting and 'own your data' positioning advertised for enterprise control.
Newer platform; self-host option stated on marketing site.
data: Adds Zero Data Retention, enforced SSO (Okta), domain verification, enforced telemetry/AI/secret-redaction controls, centralized governance, usage visibility, credit caps, DPA.
Strongest compliance/data-control posture; required for ZDR.
// What to watch
- Privacy policy explicitly lists training/fine-tuning of models supporting AI features as a data-use purpose; AI prompt/input collection is on by default (user-controllable in settings).
- Zero Data Retention is gated to the Enterprise plan only; free/Pro users do not get ZDR.
- Privacy policy mentions sharing personal information with 'Advertising Partners' (note: marketing data, not stated to be customer code/prompts).
- No public bug-bounty program found for the Warp.dev terminal (distinct from Cloudflare WARP).
- ISO 27001 and HIPAA not claimed on vendor's own pages; data residency limited to US.
// At a glance
Pricing model
Freemium: free tier, paid Pro, and Enterprise (contact sales). Open-source terminal core.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Warp (Denver Technologies, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.warp.dev