The certifications we hold.
What we maintain, what's in flight, and how to get the report.
SOC 2 Type II
Annual audit covering Security, Availability, Confidentiality. Most recent audit completed 2025-12-09 with zero findings. Report available under NDA on request.
GDPR
EU/EEA-compliant operations with a designated DPO. Standard Contractual Clauses and EU-US Data Privacy Framework certification active. Customer DPAs available on signature.
PCI DSS
Level 1 service provider scope for payment surfaces. Annual ROC, quarterly ASV scans, segmented cardholder data environment.
ISO 27001
Stage 1 audit complete. Stage 2 scheduled Q3 2026. Internal ISMS aligned to the 2022 controls.
DPF (EU-US Data Privacy Framework)
Active certification. Allows lawful transfer of personal data from the EU to the US under the framework's principles.
TX-RAMP / FedRAMP
TX-RAMP under review for State of Texas customers. FedRAMP not currently in scope; we'll publish if that changes.
Need a specific report?
SOC 2 reports, DPAs, security questionnaires — request from our security team.