Certification status with clear evidence boundaries.

Review the current SOC 2, ISO, PCI, and HIPAA claim posture before enterprise procurement.

HexaFit publishes certification claims only after independent evidence is approved and available.

Certification status

Independent certification claims stay separate from readiness work.

HexaFit shows the current readiness posture now and publishes formal certification evidence only after it is independently approved.

Not certifiedSOC 2

Controls are mapped for readiness review, but no SOC 2 report is published.

Complete formal audit readiness and publish approved report status only after evidence exists.
Not certifiedISO 27001

Security review areas are mapped to familiar control language, but no ISO certificate is published.

Publish certificate details only after an approved independent certification exists.
Processor-scopedPCI

Payment processing scope is separated through HexaPay / Payzli and reviewed per merchant account.

Confirm processor and merchant responsibilities during payment onboarding.
No public claimHIPAA

HexaFit supports wellness and clinic workflows but does not publish a HIPAA compliance claim here.

Review clinic-specific workflow, data handling, and legal requirements before any health-data claim.