Compliance
Last reviewed: 2026-04-20 · v2.2.1-D
Framework coverage
| Framework | Status | Notes |
|---|---|---|
| SOC 2 Type II | In progress | Observation window Q1 2026; report Q3 2026. |
| ISO 27001 | Roadmap | Gap assessment complete; certification H2 2026. |
| HIPAA | BAA available | Enterprise tier; PHI-path isolation. |
| PCI DSS | SAQ-A | Stripe hosted fields; no card data on ARIA. |
| GDPR / CCPA / PIPEDA / UAE-PDPL | In production | See Data Protection page. |
| EU AI Act | Art 13 conformant | See AI Governance page. |
Audit artefacts on request
- SOC 2 bridge letter (signed NDA required)
- Penetration-test executive summary
- Subprocessor register with data categories
- Record of Processing Activities (Art 30) extract
Email compliance@simplification.io.