TinyDocx Back to tinydocx.com →

Trust Center

Security, compliance, and privacy documentation for TinyDocx.

SOC 2 Type II · In Audit HIPAA · In Audit System · Operational

Compliance Posture

SOC 2 Type II In Audit Details →
HIPAA In Audit Details →

TinyDocx is currently undergoing SOC 2 Type II and HIPAA audits. Certificates will be published here on completion.

Framework Progress

Framework Controls Automated Tests Documents
SOC 2 Type II 70 / 7198.6% 82 / 8497.6% 37 / 37100%
HIPAA 72 / 7398.6% 65 / 65100% 23 / 2495.8%

Live figures from the TinyDocx compliance program. Progress reflects work-in-flight; final attestation is issued by the auditor on completion.

Data Handling

Data we process
  • Document content uploaded by customers
  • Account metadata (email, organization, billing)
  • Usage telemetry
Data we do not process
  • Payment card data
  • Personal health information unless under signed BAA
  • Biometric data
  • Children's data

Subprocessors

View full list →
Amazon Web Services
Infrastructure hosting
US
Google
Workspace email and document hosting
US

FAQ

Where is TinyDocx data hosted?
TinyDocx hosts all customer data on Amazon Web Services in the United States (us-east-1).
How is data encrypted?
TODO: Confirm specifics. Draft: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Does TinyDocx use customer data to train AI models?
No. TinyDocx never uses customer data to train AI models.
Can I sign a Business Associate Agreement (BAA)?
Yes. BAAs are available for MemoryBook customers who handle Protected Health Information. Email security@tinydocx.com to request one.
How do I report a security vulnerability?
See our Vulnerability Disclosure Policy, or email security@tinydocx.com.
How can I request a security review or questionnaire response?
Email security@tinydocx.com. Pre-filled CAIQ / SIG Lite responses are available in the index above.

Security questions? Email security@tinydocx.com.
To report an ethics or compliance concern, use the confidential Whistleblower Hotline.