{"updatedAt":"2026-07-01","note":"HexaFit does not publish certification badges or audit claims until independent evidence exists.","certifications":[{"name":"SOC 2","status":"Not certified","evidence":"Controls are mapped for readiness review, but no SOC 2 report is published.","nextStep":"Complete formal audit readiness and publish approved report status only after evidence exists."},{"name":"ISO 27001","status":"Not certified","evidence":"Security review areas are mapped to familiar control language, but no ISO certificate is published.","nextStep":"Publish certificate details only after an approved independent certification exists."},{"name":"PCI","status":"Processor-scoped","evidence":"Payment processing scope is separated through HexaPay / Payzli and reviewed per merchant account.","nextStep":"Confirm processor and merchant responsibilities during payment onboarding."},{"name":"HIPAA","status":"No public claim","evidence":"HexaFit supports wellness and clinic workflows but does not publish a HIPAA compliance claim here.","nextStep":"Review clinic-specific workflow, data handling, and legal requirements before any health-data claim."}]}