AIARCOASC Docs

Compliance

SOC 2 Type II in progress, ISO 27001 planned, GDPR DPA available, generic sub-processor categories.

What it is

Current status (May 2026):

  • SOC 2 Type II — observation period in progress; report expected Q4 2026.
  • ISO 27001 — planned for 2027.
  • PCI-DSS — readiness for payment workloads (we don't process card data directly; AIARCO sits in front of your payment surface).
  • GDPR — DPA available on request (email legal@aiarco.com).
  • HIPAA — Business Associate Agreement available on the Enterprise plan.

Sub-processor categories (generic, not vendor names):

  • Managed cloud underlay — for compute capacity in regions we don't yet operate ourselves.
  • Managed payments processor — for invoicing and credit-card collection.
  • Managed identity provider — for dashboard SSO.
  • Transactional email — for billing and account notifications.
  • Observability vendor — for our own internal SRE telemetry.

A live list of named sub-processors is provided under DPA on request.

Audit evidence — every state change is logged (see Audit log); export is available to your compliance team.

Quickstart

# Request DPA / sub-processor list
echo 'mailto:legal@aiarco.com'
client.audit.events.export(from_='2026-04-01', to='2026-04-30')
await client.audit.events.export({ from: '2026-04-01', to: '2026-04-30' });

API surface

  • POST /v1/audit/events/export (scope: audit:read)