Honest posture.
What's true today; what's next.
Acilox aligns our privacy program to major regulations and is investing in independent attestations. We do not claim certifications until an auditor-issued report is available to customers.
Privacy frameworks we align to.
Status reflects program alignment — not an attestation. Where independent assurance is required, see the Attestations section below.
| Framework | Status | Notes |
|---|---|---|
| GDPR (EU) | Program aligned | Data processing agreements available for business customers where applicable. |
| UK GDPR | Program aligned | UK addenda where required for transfers and roles. |
| India DPDP Act 2023 | Program aligned | Notices and rights workflows updated as guidance and the implementing rules evolve. |
| CCPA / CPRA (California) | Program aligned | California resident rights supported; we do not sell personal information. |
Independent assurance — in flight.
SOC 2 Type II
In progressAuditor engagement target Q3; report availability target Q1 next year. Dates are goals — we will update this page when the report is issued.
ISO 27001
PlannedWe are mapping controls to ISO 27001 as part of our broader ISMS work. No ISO certificate has been issued yet.
What is not in scope today.
HIPAA and PCI DSS are not currently in scope for Acilox's general product lines. If you have a regulated use case, open the sales contact form — we'll be direct about fit and contractual options.
Documentation requests
For DPAs, transfer mechanisms, and vendor questionnaires, open the privacy contact form. Include your company domain, product interest, and deadline — we prioritize active evaluations.