Certifications
HarborGuard is early in its journey. We are not currently engaged in any formal compliance audits and hold no third-party certifications yet. This page documents that honestly today, and will be updated as we begin and complete each program.
Current posture
| Framework | Status | Scope | Latest report |
|---|---|---|---|
| SOC 2 Type II | Not yet pursued — planned as we mature | HarborGuard SaaS platform and supporting infrastructure | None yet |
| ISO 27001:2022 | Not yet pursued — planned as we mature | Information security management system covering the SaaS platform | None yet |
| HIPAA | BAA not currently offered | — | — |
| PCI-DSS | Out of scope | HarborGuard does not store, process, or transmit cardholder data; Stripe handles all card data | N/A |
| FedRAMP | Not pursued | — | — |
| GDPR / UK GDPR | DPA available on request | EU and UK customer data | DPA on request |
| CCPA / CPRA | Aligned to CCPA / CPRA principles — see DPA addendum | California consumer data | DPA on request |
Requesting reports
Once formal audit reports, ISO certificates, penetration-test summaries, or signed DPAs are available, customers and prospects will be able to request them under a mutual NDA. To be notified when each artifact becomes available:
- Email
trust@harborguard.cofrom a corporate domain. - Tell us which artifact you are interested in tracking.
- We will reach out as soon as the artifact is issued.
We will publish bridge letters, audit reports, and certificates here as soon as they are issued. Until then, this page reflects the current state honestly rather than implying audits in flight.
Continuous monitoring
HarborGuard does not yet operate a formal continuous-controls-monitoring program. Adopting a GRC platform — and the controls evidence that comes with it — is part of the work that will accompany our first SOC 2 engagement.
Penetration testing
HarborGuard has not yet commissioned an independent third-party penetration test. We intend to do so as the product matures, and will publish a redacted summary here once the first engagement completes.