Overview
Receptic AI maintains a SOC 2 Type II program covering the Security, Availability, and Confidentiality Trust Service Criteria. Our audits are conducted annually by an independent, AICPA-accredited firm.
The report describes the controls we operate to protect customer data, the design of those controls, and the auditor's opinion on their effectiveness over a continuous observation window.
Scope of the report
The current report covers:
- The Receptic AI receptionist platform (calls, messaging, dashboard, APIs).
- Supporting cloud infrastructure (compute, storage, networking).
- Internal corporate systems used to administer the production environment.
Sub-processors are evaluated as part of our vendor management program but are audited under their own SOC 2 reports.
Audit cadence
We complete a Type II audit each calendar year, with an observation window of at least 6 months. Between audits, we run quarterly internal control reviews and continuous control monitoring through Vanta.
Controls in scope
The audit examines, among others, controls for:
- Access provisioning, SSO with hardware-key 2FA, and timely deprovisioning.
- Change management, code review, and CI/CD security gates.
- Logging, monitoring, and incident response runbooks.
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Vendor risk management and sub-processor due diligence.
- Background checks and security training for personnel.
Requesting the report
Customers and prospects under NDA can request the latest SOC 2 Type II report and bridge letter. Email trust@receptic.ai with your company name and use case, and we'll respond within two business days.
A short security overview deck is available without NDA on request.