Security & compliance
How Acme protects your data
Everything your security team needs to review Acme — certifications, audited controls, documentation, and answers.
Certifications & frameworks
SOC 2 Type II
CompliantAudited annually by Prescott Assurance.
ISO 27001
In progressStage 2 audit scheduled Q4 2026.
GDPR
CompliantDPA with SCCs available. EU data residency on request.
HIPAA
Not applicableAcme does not process PHI.
Documents
Public documents download instantly. Gated documents require email verification — NDA-gated ones add a one-click NDA.
Security whitepaper
Architecture, encryption, and operational security overview
PublicDemo
SOC 2 Type II report
Full audit report, period ending March 2026
NDA requiredDemo
Penetration test summary — 2026
Third-party pen test summary and remediation status
NDA requiredDemo
Data processing agreement
Standard DPA with EU SCCs
Email-verifiedDemo
Subprocessors
| Vendor | Purpose | Region |
|---|---|---|
| Amazon Web Services | Cloud infrastructure | US |
| Stripe | Payment processing | US |
| Postmark | Transactional email | US |
FAQ
At rest with AES-256, in transit with TLS 1.2+.