Compliance

Compliance

What we have today, what we are working toward, and how each framework applies.

Current Controls

  • Encryption at Rest
  • TLS Encryption
  • Passkeys
  • MFA
  • RBAC
  • Audit Logging

Planned Controls

In progress—not yet achieved.

  • SOC 2 Type I readiness
  • SOC 2 Type II readiness
  • HIPAA support planning
  • Enterprise compliance program

Coming soon

Not published yet. Email [email protected] if you need one for a vendor review.

Security Whitepaper

planned

Encryption, access control, and how coThink runs in production.

Architecture Overview

planned

BYOM workspace layer, data flows, and integration boundaries.

SOC 2 Reports

planned

Audit reports when certifications are completed.

Penetration Test Summaries

planned

Executive summaries from third-party assessments.

BAA

planned

Business Associate Agreement documentation for eligible deployments.

Vendor Security Package

planned

Policies and security docs bundled for vendor reviews.

Compliance

GDPR

Policy aligned

EU personal data handling commitments documented in our Privacy Policy and Data Processing Addendum.

CCPA / CPRA

Policy aligned

California privacy rights and disclosures described in our Privacy Policy.

SOC 2 Type I

Readiness in progress

Point-in-time assessment of security control design.

SOC 2 Type II

Roadmap

Independent attestation of operating effectiveness of security controls over time.

HIPAA

Planning

Healthcare data handling support and BAA availability for eligible deployments.

ISO 27001

Roadmap

Information security management system certification.

Contact security & compliance · Data Processing Addendum · Subprocessors · Controls