SOC 2 Compliance

What is SOC 2?

SOC 2 is an audit report developed by the American Institute of CPAs (AICPA). The audit evaluates controls related to security, availability, processing integrity, confidentiality, and privacy of a system. There are two types of SOC 2 reports:

• Type I: checks if a company is compliant at a point in time.
• Type II: confirms that a company is still compliant during an observation window (typically 6 months).

MailMart is SOC 2 Type II compliant.

Why is SOC 2 important?

SOC 2 is not mandatory in a legal sense, and certification isn't required by law. Still, we believe that SOC 2 is crucial because it encourages companies to have solid controls in place to protect customer data. For us, this isn't a short-term growth play but the beginning of a long-term security investment. We're building email infrastructure that AI agents and developers can trust.

Who manages MailMart's compliance?

MailMart uses Delve as our trust management platform to monitor, collect, and submit evidence to auditors. Our compliance program is managed continuously through Delve's automated monitoring system, ensuring we maintain security best practices at all times.

When were you audited?

The reporting period is from Aug 2025 to Nov 2025. We conduct regular audits to maintain our compliance status and ensure our security controls remain effective.

How can I access the SOC 2 report?

You can access our comprehensive trust center at: trust.delve.co/mailmart

Our trust center includes:

• SOC 2 Type II Report (available on request)
• SOC 2 Type I Report (available on request)
• HIPAA Compliance documentation
• Business Continuity and Disaster Recovery plans
• 93 documented security controls across multiple categories