Compliance
SOC 2 Type II in progress, ISO 27001 planned, GDPR DPA available, generic sub-processor categories.
What it is
Current status (May 2026):
- SOC 2 Type II — observation period in progress; report expected Q4 2026.
- ISO 27001 — planned for 2027.
- PCI-DSS — readiness for payment workloads (we don't process card data directly; AIARCO sits in front of your payment surface).
- GDPR — DPA available on request (email legal@aiarco.com).
- HIPAA — Business Associate Agreement available on the Enterprise plan.
Sub-processor categories (generic, not vendor names):
- Managed cloud underlay — for compute capacity in regions we don't yet operate ourselves.
- Managed payments processor — for invoicing and credit-card collection.
- Managed identity provider — for dashboard SSO.
- Transactional email — for billing and account notifications.
- Observability vendor — for our own internal SRE telemetry.
A live list of named sub-processors is provided under DPA on request.
Audit evidence — every state change is logged (see Audit log); export is available to your compliance team.
Quickstart
# Request DPA / sub-processor list
echo 'mailto:legal@aiarco.com'client.audit.events.export(from_='2026-04-01', to='2026-04-30')await client.audit.events.export({ from: '2026-04-01', to: '2026-04-30' });API surface
POST /v1/audit/events/export(scope:audit:read)