// Trust & Security Report

    Warp (Denver Technologies, Inc.) logo

    Warp (Denver Technologies, Inc.)

    Warp Terminal, Warp AI / Warp Agent, Warp Drive, Oz agent orchestration platform, Warp Enterprise

    Certifications held

    6

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    Yes, Warp has obtained a SOC 2 Type 2 attestation from an accredited third party. Visit Warp's Trust Center to request the report.

    Verify on warp.dev
    SOC 2 (Trust Center listing)
    HELD

    Compliance | SOC 2

    Verify on trust.warp.dev
    ISO 27001
    HELD
    Verify on trust.warp.dev
    HIPAA
    HELD
    Verify on warp.dev
    GDPR
    HELD

    Data Processing Addendum (listed in site footer; vendor offers a DPA but no explicit GDPR certification claim found on own pages)

    Verify on warp.dev
    Penetration test (third-party)
    HELD

    Resources ... Penetration test (listed as an available document in Warp's Trust Center alongside SOC 2 and security policies)

    Verify on trust.warp.dev

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    United States (Google Cloud Platform; database locations in the US). Warp AI requests proxied to US-hosted, enterprise-level model APIs.

    Warp's privacy policy lists model training as a stated purpose: 'Develop new products and Service, and improve existing products and features of the Service, including by training, fine-tuning and improving the performance of models that support our AI features.' The policy also states that when using AI features such as Active AI and Agent Mode, 'we may collect the prompts and inputs you submit and the outputs you receive. You can control our collection of these inputs and outputs at any time in your settings.' So on consumer/free plans, prompt/input collection (and potential use for improving models) is on by default but user-controllable. A Zero Data Retention (ZDR) policy is available only on the Enterprise plan, and all users can opt out of telemetry while still using AI. Enterprise admins can enforce disabling Warp AI / telemetry / secret redaction.

    // Security controls

    Encryption at rest

    AES 256 or higher

    warp.dev

    Encryption in transit

    TLS 1.3

    warp.dev

    Data hosting

    Google Cloud Platform, US database locations

    warp.dev

    Authentication / SSO

    Username+password or SSO via Google or GitHub; Enterprise can enforce SSO (e.g. Okta) and domain verification

    warp.dev

    Zero Data Retention

    Available on Enterprise plan only

    warp.dev

    Telemetry opt-out

    All users may opt out of telemetry at any time and still use all AI features

    warp.dev

    Penetration testing

    Third-party pentest report available via Trust Center

    trust.warp.dev

    Bug bounty

    No public bug-bounty program (HackerOne/Bugcrowd) found for Warp.dev terminal; security contact is security@warp.dev

    warp.dev

    Security contact

    security@warp.dev

    warp.dev

    Cyber insurance

    Cybersecurity insurance maintained (Trust Center control)

    trust.warp.dev

    // Products & data scope

    Warp Terminal (free / Pro)Agentic terminal / developer tool

    data: Local terminal app with cloud features. Prompts/inputs to AI features may be collected (user-controllable); telemetry opt-out available. No ZDR on free/Pro tiers.

    Now open-source. Most consumer usage; default AI input collection is the key privacy consideration.

    Warp AI / Warp AgentAI coding agent / model routing

    data: AI requests proxied to US-hosted enterprise model APIs. Prompts and outputs may be collected unless disabled. Access to multiple frontier models with permission controls.

    Privacy policy lists model fine-tuning/improvement as a purpose. ZDR only on Enterprise.

    Warp DriveTeam knowledge / collaboration storage

    data: Workflows, notebooks, shared blocks stored in GCP (US). Encrypted at rest (AES-256) and in transit (TLS 1.3).

    Cloud-enabled collaboration feature.

    Oz (cloud agent orchestration)Cloud agent platform / SDK + CLI

    data: Launches agents into the cloud (Warp-host or self-host). Self-hosting and 'own your data' positioning advertised for enterprise control.

    Newer platform; self-host option stated on marketing site.

    Warp EnterpriseEnterprise governance tier

    data: Adds Zero Data Retention, enforced SSO (Okta), domain verification, enforced telemetry/AI/secret-redaction controls, centralized governance, usage visibility, credit caps, DPA.

    Strongest compliance/data-control posture; required for ZDR.

    // What to watch

    • Privacy policy explicitly lists training/fine-tuning of models supporting AI features as a data-use purpose; AI prompt/input collection is on by default (user-controllable in settings).
    • Zero Data Retention is gated to the Enterprise plan only; free/Pro users do not get ZDR.
    • Privacy policy mentions sharing personal information with 'Advertising Partners' (note: marketing data, not stated to be customer code/prompts).
    • No public bug-bounty program found for the Warp.dev terminal (distinct from Cloudflare WARP).
    • ISO 27001 and HIPAA not claimed on vendor's own pages; data residency limited to US.

    // At a glance

    Pricing model

    Freemium: free tier, paid Pro, and Enterprise (contact sales). Open-source terminal core.

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Warp (Denver Technologies, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.warp.dev

    > Browse all vendor trust reports