Posture

Certifications & Posture

We are direct about what we hold today and what is on the roadmap. Fidacy is notcurrently SOC 2 or ISO 27001 certified. Those are planned. We will not display a seal we don't hold or claim a date we can't commit to.

Certification roadmap

StandardStatus
SOC 2 Type IIPlanned. On our roadmap; not yet certified. Target date: contact us. No interim seal is implied.
ISO 27001Planned. On our roadmap; not yet certified. Target date: contact us.
No certifications claimed.Until an audit completes and a report is issued, Fidacy makes no SOC 2 or ISO 27001 representation. The security architecture described under Security stands on its own and is independent of certification status. For the current state of any certification effort, contact sales@fidacy.com.

PCI scope statement

Fidacy does not expand your PCI DSS scope. The engine never touches card numbers. The AP2 payment_instrument schema it receives carries only an id, a type, and a description, no PAN, no track data, no credential. Fidacy decides on signed mandates and risk_data, never on a primary account number, so adding Fidacy does not bring cardholder data into a new system.

Framework alignment (not certification)

Separately from certifications, Fidacy is built to provide evidence for the regulatory and threat-model frameworks below. These are alignment and positioning claims, detailed in Compliance & Regulatory.

  • ·EU AI Act-native; GDPR applies.
  • ·NIST AI RMF, Govern, Map, Measure, Manage mapping.
  • ·US Treasury FS AI RMF, evidence artifacts a deployer maps to its controls.
  • ·OWASP Agentic Top 10, the external-control threat model.
  • ·Colorado ADMT-ready (SB 26-189, effective Jan 1, 2027).

Corporate entity

Fidacy is operated by ZEEPCODE GROUP LLC, a Florida limited liability company. Master agreement, DPA, and any contractual SLA are available on request.