Compliance documents for AI evidence procurement
Compliance teams need to know how CertifiedData handles data processing, subprocessors, security posture, and AI Act evidence responsibilities before they start evaluation.
This page is designed for procurement and legal review. It is intentionally honest about current certification status and separates evidence infrastructure from legal compliance guarantees.
Document packet
Documents customers usually request first
Data Processing Addendum
DPA for customers processing personal data through CertifiedData services.
Request from procurement ->
GDPR processor terms
Processor-role terms covering instructions, confidentiality, subprocessors, assistance, and deletion/return workflows.
Request terms ->
AI Act evidence terms
Terms describing CertifiedData's evidence infrastructure role: signed records, artifact provenance, verification, and limitations.
Request terms ->
Security overview
Summary of encryption, access control, audit logging, key management, and production security posture.
Open trust center ->
Subprocessors
Current subprocessor list for review
Review this list before publishing. It reflects the currently observed platform services and should be kept in sync with production configuration and customer contracts.
| Subprocessor | Purpose | Location note |
|---|---|---|
| Supabase | Authentication, database, and related platform services | United States / EU options vary by configuration |
| Railway | Application hosting and deployment infrastructure | United States / region depends on deployment |
| Stripe | Payment processing and subscription billing | Global |
| Resend | Transactional email delivery | United States / global routing |
| PostHog | Product analytics and event measurement | Cloud region depends on configuration |
Certification and compliance status
Status table for procurement review
| Framework | Status | Notes |
|---|---|---|
| SOC 2 | Not certified yet | Controls roadmap in progress; provide security overview and architecture notes during procurement. |
| ISO 27001 | Not certified yet | Management-system certification not currently claimed. |
| EU AI Act | Evidence infrastructure | CertifiedData supports audit-readiness evidence; it does not guarantee legal compliance. |
| GDPR | Processor support | DPA and processor terms available for customer review. |
Important limitation
CertifiedData provides evidence infrastructure, not legal certification.
Signed records, hashes, signatures, artifact certificates, and evidence bundles help teams prove what happened and detect tampering. They do not prove that an AI system is lawful, fair, accurate, unbiased, or compliant on their own. Those determinations require the customer's governance program and legal review.