eInvoicePro.ai has successfully completed a SOC2 Type II audit conducted by an independent third-party auditor. Our report demonstrates compliance with security, availability, processing integrity, confidentiality, and privacy controls.
SOC2 (Service Organization Control 2) is an auditing standard developed by the American Institute of CPAs (AICPA) that evaluates the effectiveness of a company security posture over a period of time (typically 6-12 months). Type II reports provide evidence that controls are not only designed properly, but are operating effectively.
Our SOC2 Type II audit covers the five Trust Service Criteria:
January 1, 2025 - December 31, 2025
Independent third-party CPA firm
SOC2 Type II (all five Trust Service Criteria)
Clean opinion with no exceptions
Multi-factor authentication, role-based access control, password policies, session management, and privileged access management for administrative functions.
256-bit AES encryption at rest for all invoice data, TLS 1.3 for data in transit, secure key management, and encrypted backups.
24/7 security monitoring, automated intrusion detection, comprehensive audit logging, and quarterly log reviews.
Automated backups every 6 hours, point-in-time recovery for 30 days, encrypted backup storage, and tested disaster recovery procedures.
Formal change approval process, code review requirements, automated testing in CI/CD pipeline, and rollback procedures.
Documented incident response plan, quarterly incident response drills, breach notification procedures, and post-incident reviews.
The full SOC2 Type II report contains sensitive information about our security controls and is available under NDA to:
To request access to our SOC2 Type II report:
International standard for information security management systems (ISMS). Certified annually.
View Security Page →Full compliance with EU General Data Protection Regulation including data subject rights.
View GDPR Policy →Contact our security team for questions about our SOC2 report or security practices.