Hey there. I wrote that Latacora SOC2 guide.
The short and most important answer I can give you to this question is that we aren’t currently SOC2 (it’s on our roadmap, but the number of months out it is depends a lot on whether customers drag us into it, because that’s the rational reason to get SOC2’d).
We’re happy to talk to auditors or to prospective customers or security teams or whatever about our security practices. If a prospective client of ours handed us a security questionnaire, we’d fill it out (and then probably turn the answers into a better /security web page, though that probably wouldn’t change the number of questionnaires we received). Generally: our answers to the kinds of questions that get asked on these things are pretty enterprise-security-team compatible.