Yes. Triple maintains an annual SOC 2 Type II report covering Security, Availability, and Confidentiality, audited by an independent licensed CPA firm. The current report is available under NDA.

Triple's controls are designed to align with the HIPAA Security Rule. However, the Service is not designed to store protected health information, and customers should not upload PHI to the Service.

Customer data is stored in SOC 2-attested cloud environments in North America. Triple operates from Ontario, Canada, and processes data on behalf of customers in both Canada and the United States.

Email ben@usetriple.com with your name, organization, and which documents you need. We respond within a few business days.