SOC 2 Type II
In progress — audit window opens Q3 2026
Type I bridge letter available under NDA. Type II report expected mid-2027 with a 12-month observation period.
Trust center
One place for the security and compliance details.
Reports, certifications, and the policies you need to put Perchy in front of legal and security review. Customer-facing documents are public; deeper artifacts are available under NDA.
Certifications
Where we stand today.
We don't list certifications we don't hold. The list below shows status honestly so you can plan your review.
ISO/IEC 27001
Planned 2027
Statement of Applicability is mapped against SOC 2 controls; gap assessment underway.
GDPR & UK GDPR
Operational
EU SCCs and UK IDTA available in our DPA. EU Article 27 representative listed in our DPA.
CCPA / CPRA
Operational
We do not sell or share personal information for cross-context behavioral advertising.
Public documents
Policies you can share with your reviewers.
Under NDA
What we share after we sign.
Pen-test summary
Most recent third-party penetration test executive summary.
SOC 2 bridge letter
Type I bridge letter while the Type II observation period runs.
Architecture diagram
Detailed data-flow diagrams for the routing layer and host bridge.
Security questionnaire
CAIQ Lite + custom questionnaire responses returned within five business days.