Compliance · Public commitment

SOC 2 Type I — in progress.

Honest status: we are not certified yet. Target report: June 15, 2026. This page is our public commitment + live controls dashboard + auditor selection — so your procurement team can vet us today, not 90 days from now.

For enterprise security questionnaires, our DPA / sub-processors list / pen-test summary are available at security@cartieai.com.

Implemented: 21 / 32 (66% of Trust criteria)
In progress: 9 (closing by Apr 30)
Planned: 2 (tracked, with owners)
Target date: Jun 15, 2026 · Type I report

Timeline

Jan 15, 2026
Security baseline policy adopted
Feb 1, 2026
Trust Services Criteria mapped to existing controls
Feb 16, 2026
Public commitment page published (you are here)
Apr 30, 2026
Type I audit window opens · 6-week formal review
Jun 15, 2026
SOC 2 Type I report issued
Dec 2026
SOC 2 Type II audit (6-month operating period)

Auditor selection

A-LIGN (AICPA-licensed CPA firm)
Selected for their experience with venture-stage SaaS + multi-tenant data isolation patterns. Engagement letter signed Feb 5, 2026.
AICPA member · 100+ SaaS Type I reports issued · Trust Services Criteria 2017

Trust Services Criteria · live status

All 5 Trust Services Categories (Security · Availability · Processing Integrity · Confidentiality · Privacy) mapped to 32 controls.

CC1 — Control Environment

CC1.1 Code of Conduct & ethical standards documented
implemented
CC1.2 Board-level security oversight committee
implemented
CC1.3 Org structure & responsibility matrix
implemented
CC1.4 Personnel commitment to competence (background checks, training)
implemented
CC1.5 Accountability for security responsibilities
implemented

CC2 — Communication & Information

CC2.1 Internal security communication channel (#security)
implemented
CC2.2 External-customer security communications policy
implemented
CC2.3 Information system documented & versioned
in progress

CC3 — Risk Assessment

CC3.1 Annual security risk assessment with tracked findings
implemented
CC3.2 Threat modeling at design phase
implemented
CC3.3 Vendor risk review (cloud, SaaS, contractors)
in progress
CC3.4 Fraud risk assessment (financial flows in Sub-system Z)
in progress

CC4 — Monitoring

CC4.1 Sentry error monitoring across all services
implemented
CC4.2 Continuous deviation monitoring + alerts
implemented
CC4.3 Independent security review (quarterly)
planned q3

CC5 — Control Activities

CC5.1 Documented control library aligned to Trust Services Criteria
in progress
CC5.2 Tech & physical access controls (Cloudflare, MFA, hardware-keys for admins)
implemented

CC6 — Logical & Physical Access

CC6.1 MFA enforced for all internal users + admin endpoints
implemented
CC6.2 Role-based access control + tenant isolation (per-org MongoDB scope)
implemented
CC6.3 Quarterly access reviews + immediate offboarding
implemented
CC6.4 Encrypted-at-rest secrets (Fernet) + encrypted-in-transit (TLS 1.3)
implemented
CC6.6 External threat intelligence + WAF
implemented
CC6.7 Data classification (Public / Internal / Confidential / Restricted)
in progress
CC6.8 Malware detection & EDR on production endpoints
in progress

CC7 — System Operations

CC7.1 Infrastructure-as-code + change-management workflow (PR + signed contracts)
implemented
CC7.2 Incident response runbooks + tabletop exercises
in progress
CC7.3 Sentry-fed incident detection + PagerDuty escalation
implemented
CC7.4 Backup & restore tested (MongoDB Atlas continuous backups)
implemented
CC7.5 Disaster recovery RTO < 4h, RPO < 15min documented & tested
in progress

CC8 — Change Management

CC8.1 All production changes go through reviewed PRs + Budget Negotiator™
implemented

CC9 — Risk Mitigation

CC9.1 Cyber-insurance policy with breach response coverage
planned q2
CC9.2 Vendor security questionnaire flow (DPA, SOC reports, sub-processors list)
in progress

Need our security packet today?

Enterprise procurement teams: we have DPA, sub-processor list, latest pen-test executive summary, and bridge letter ready under NDA. Reach out below.
