Information security attestation·External CPA firm (engagement TBD)

SOC 2 Type II

Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) covering the Next.js platform, Postgres tenant data plane, payment orchestration, and identity stack.

In progressRenewal: annualOwner: ciso

Status & key dates

Status: In progress
Issued on: Not yet issued
Expires on: —
Renewal cadence: annual

No issued attestation yet. ZenoXCare only marks this status as Active once a third-party auditor has signed and dated the report — never before.

Scope & framework coverage

Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) covering the Next.js platform, Postgres tenant data plane, payment orchestration, and identity stack.

Satisfies coverage for these regulatory frameworks

SOC2

Underlying standard

SOC 2 (Trust Services Criteria)

AICPA

Reporting framework on controls relevant to Security, Availability, Confidentiality, Processing Integrity, and Privacy of a service organisation.

View →

Frequently asked

What is SOC 2 Type II?: SOC 2 Type II is issued by External CPA firm (engagement TBD). ZenoXCare scope: Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) covering the Next.js platform, Postgres tenant data plane, payment orchestration, and identity stack.
Is ZenoXCare SOC 2 Type II-certified?: SOC 2 Type II is in active engagement — the audit is underway but not yet issued. ZenoXCare's truth-in-marketing rule: a certification is never represented as Active without a signed report on file (build-time guard verify:certifications-registry blocks this).
What is the renewal cadence for SOC 2 Type II?: SOC 2 Type II is renewed on a annual cadence. The accountable owner role is ciso. Upcoming-renewal alerts trigger automatically via the compliance-expiry-sweep cron when the issued date is on file.
What regulatory frameworks does SOC 2 Type II satisfy coverage for at ZenoXCare?: SOC 2 Type II contributes coverage for the following regulatory framework ids: SOC2. The framework allowlist is locked in lib/regulatory/framework-ids.ts.

Every detail on this page comes from a single authoritative record kept by the ZenoXCare compliance team — the same record auditors review. A status only becomes Active once a third-party auditor has signed the report. See the full standards & compliance overview for posture across every framework, or request the audit pack for evidence under NDA.

← All certifications Global standards & compliance

Loading certification details…

Frequently asked

What is SOC 2 Type II?

SOC 2 Type II is issued by External CPA firm (engagement TBD). ZenoXCare scope: Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy) covering the Next.js platform, Postgres tenant data plane, payment orchestration, and identity stack.

Is ZenoXCare SOC 2 Type II-certified?

SOC 2 Type II is in active engagement — the audit is underway but not yet issued. ZenoXCare's truth-in-marketing rule: a certification is never represented as Active without a signed report on file (build-time guard verify:certifications-registry blocks this).

What is the renewal cadence for SOC 2 Type II?

SOC 2 Type II is renewed on a annual cadence. The accountable owner role is ciso. Upcoming-renewal alerts trigger automatically via the compliance-expiry-sweep cron when the issued date is on file.

What regulatory frameworks does SOC 2 Type II satisfy coverage for at ZenoXCare?

SOC 2 Type II contributes coverage for the following regulatory framework ids: SOC2. The framework allowlist is locked in lib/regulatory/framework-ids.ts.

ZenoXCare — marketing

SOC 2 Type II

Status & key dates

Scope & framework coverage

Underlying standard

Frequently asked

SOC 2 Type II

Status & key dates

Scope & framework coverage

Underlying standard

Frequently asked