Certifications
Where we stand, honestly
What is certified, what is self-assessed, which frameworks we align with, and what is on the roadmap — labeled exactly as it is.
Certifications & compliance posture
- PCI DSS Level 1: Certified — held by Stripe, our payment processor – Payment processing
- NACHA rules: Compliant (self-assessed) – ACH payments
- GDPR: Compliant (self-assessed) – EU data protection
- CCPA: Compliant (self-assessed) – California privacy
Framework alignment
We follow these control frameworks but are not certified.
- SOC 2: Aligned — not certified. We are not SOC 2 certified but follow controls aligned with SOC 2 Type II (e.g. encryption, access control, audit logging, incident response).
- NIST Cybersecurity Framework: Aligned — not certified. We follow NIST CSF–aligned practices across Identify, Protect, Detect, Respond, and Recover (risk identification, access control, encryption, monitoring, incident response).
- CIS Controls: Aligned — not certified. We align with CIS Controls for security hardening, inventory, access management, and secure configuration.
- ISO 27001: Aligned — not certified. We are not ISO 27001 certified but follow controls aligned with ISO 27001 (information security management, risk assessment, access control, cryptography).
- PCI DSS: Aligned — not certified. Payment card data is processed via Stripe (PCI DSS Level 1); we do not store card data and follow PCI DSS–aligned practices for the systems we control.
For regulatory regimes (GDPR, CCPA, NACHA) and our third-party data processors, see Compliance.
Roadmap
- SOC 2 Type II certification: Planned
- ISO 27001: Planned
- HIPAA compliance: Planned – For healthcare clients
- Third-party penetration testing: Planned
Security testing
- Automated vulnerability scanning: Continuous
- Third-party penetration testing: Planned