SOC 2 and HIPAA certifications
Paperpile is committed to meeting industry security standards. We're currently GDPR compliant and working toward SOC 2 Type II certification and HIPAA compliance in 2026. This article explains our compliance status, security practices, and how to access documentation for vendor reviews.
Security and compliance at Paperpile
| Compliance framework or process | Status | Notes |
|---|---|---|
GDPR | Compliant | Our data collection practices are fully GDPR compliant. Contact support@paperpile.com if your organization needs a Data Processing Agreement. |
Penetration tests | Annual | |
AWS Foundational Technical Review | In progress | We adhere to AWS’s best practices for system architecture, change management, and security controls. This review includes many controls that map to CIS benchmarks and SOC 2 framework. |
SOC 2 | In progress | [Update Jan 2026] We have a goal of starting a SOC 2 type 2 audit in 2026. |
HIPAA | In progress | [Update Jan 2026] We have a goal of HIPAA attestation and being available to sign BAAs in 2026. |
Paperpile trust center
Paperpile is working with Vanta, the compliance platform used by major health systems, tech companies, and academic institutions, to pursue a SOC 2 type 2 certification in 2026.
You can learn more about Paperpile’s compliance progress in our Trust Center portal: Paperpile Trust Center