Hi - We do have our SOC2 Type I audit completed. We can send the report to customers on our Enterprise plans; these also require an NDA with us before we can share them (because auditors). If that’s something you want to talk about, shoot us a note at support@fly.io.
We do have a standard security questionnaire that we can share with customers on our Scale plan.
Our Security page documents our current practices, so that may be a good place to start. We also have a Healthcare Apps on Fly doc that details the controls we have in place to support HIPAA compliance. The HIPAA info is useful even for folks who aren’t running healthcare apps, because these controls are in place for our entire platform.
Hope that gets you started, and good luck with the process!