Adapt is now SOC 2 Type II certified. Where our earlier Type I report confirmed our controls were designed correctly at a point in time, Type II proves they operate effectively over a sustained period — the standard most security and procurement teams look for before they trust a vendor with their data.
The audit was conducted by independent auditor MJD Advisors over a three-month window of real operational testing and resulted in a clean opinion: no exceptions, and no security incidents during the period.
What the audit covered
The report covers three Trust Services Criteria — Security, Availability, and Confidentiality — across the entire Adapt platform. Among the controls tested and confirmed:
- Your data is never used to train AI models. This policy was tested and verified as part of the audit.
- Isolated execution environments for every agent session, with no cross-organization data access.
- Least-privilege access controls scoped to each action.
- AES-256 encryption for credentials at rest and TLS 1.3 in transit.
- Network controls that block access to internal and cloud metadata endpoints.
- A full security program spanning access control, encryption, data retention, logging, incident response, and vendor management.
What's next
SOC 2 Type II isn't a one-time milestone. Adapt is now subject to continuous monitoring and an annual audit cycle, so these controls stay tested as the platform grows.
The full SOC 2 Type II report is available to security and procurement teams under NDA. Email security@adapt.com to request it, and see SOC 2 compliance for more on our security program.
