skip to main content

← Back to Trust Center

Compliance status

Concrete targets per framework, not aspirational adjectives. Out-of-scope frameworks are explicit so procurement readers know upfront. Material changes ship via PR review and trigger a rebuild on merge.

Last updated: . Questions: admin@syncanix.com.

SOC 2 Type I

Planned

Evidence collection begins in the month after Syncanix launches commercially.

Target:
Q3 2026
Evidence:
Vanta

SOC 2 Type II

Planned

Continuous-monitoring window opens with Type I; report targeted ~9 months post-launch.

Target:
Q4 2026
Evidence:
Vanta

ISO 27001

Planned

70-80% control overlap with SOC 2; evidence collected concurrently.

Target:
Q4 2026
Evidence:
Vanta

EU AI Act — Article 50 (transparency)

In progress

AI-disclosure copy + persistent chat-header indicator translated into the 6 launch languages; review by EU privacy counsel pending pre-launch sign-off.

Target:
2 Aug 2026 (enforcement date)

GDPR — Data Processing Agreement

Available

DPA template + SCCs Module Two + UK ICO IDTA addendum + Swiss FADP rider. Reviewed by EU privacy counsel before each release.

CCPA / CPRA + 19-state superset

Available

Implemented to a GDPR + CCPA superset that maps to the 19 US state-level laws in force as of 2026-05.

HIPAA

Out of scope (v1)

Not supported in v1. No BAA available. AUP explicitly prohibits PHI. BAA + HIPAA-eligible AWS services planned for v2 if a healthcare deal materialises.

FedRAMP

Out of scope (v1)

Authorisation path is 18+ months and ~$500k. Deferred indefinitely; revisit when a federal procurement opportunity justifies.