2026-05-30
Public SOC 2 status page published with target timing, report availability, and no-certification disclaimer.
Public compliance status
SOC 2 Type II — IN PROGRESS
Leapable is preparing for SOC 2 Type II. Target Q3 2026. No completed SOC 2 certification is claimed, and no SOC 2 report is available yet.
This page is the public status record. A completed SOC 2 report, when available, will be
distributed under NDA unless a SOC 3-style public summary is later approved.
Public readiness milestones
These entries are readiness milestones, not a CPA audit opinion. They exist so customers can see what has been published and what remains pending.
2026-05-30
Self-hosted aiwonder deployment guide published for Elite on-prem review: /on-prem/.
2026-05-29
Security page published with current subprocessor list, local-first architecture, and public control evidence: /security/.
What customers can inspect now
Local-first data boundary
Private vault files live on the user's machine. Cloud OCR is transient and documented on the Security page.
No-training policy
Leapable does not train models on customer documents. Share Mode requires explicit per-publish affirmation.
Append-only audit architecture
Source records, chunk spans, hashes, and provenance are designed to be read back from durable state instead of trusted from UI claims.
Subprocessor register
Current subprocessors are published on the Legal page and referenced from the DPA template.
How to request security materials
For questionnaires, penetration-test summaries, architecture review, or DPA review, email security@leapable.ai. The DPA template is available at /legal/dpa/ and is marked counsel-review-required until legal approval is recorded.