SOC 2 Type II — in progress
We engaged an independent auditor at our incorporation phase. The Type II observation window runs over 6 months; we expect the first attestation report mid-2026.
In the meantime, our readiness letter (showing the controls we operate against the Trust Services Criteria) is available on request to active customers.
Trust Services Criteria addressed
- Security — change management, vulnerability management, encryption, access control
- Availability — incident management, monitoring, backups
- Confidentiality — tenant isolation, encryption-in-transit, encryption-at-rest
- Processing integrity — input validation, audit log, idempotency
- Privacy — GDPR + opt-in HIPAA controls