Trust & compliance

The security posture, on one page.

Ultiblob is built for regulated workloads. This page documents the certifications, controls, and procurement artifacts your security team will ask for.

SOC 2 Type II

audit in progress
report available Q3 2026

Trust Services Criteria for security, availability, and confidentiality. Review under NDA is available today.

HIPAA BAA

available on signature
every healthcare engagement

Business Associate Agreement covering PHI workloads. Encryption, audit logging, RBAC, breach notification — by default.

PCI-DSS aware

controls in scope
per-engagement assessment

PCI-aware network segmentation, tokenization patterns, and quarterly scans available. SAQ-D supported.

ISO 27001

roadmap
2027 target

Information security management system framework. Gap assessment completed Q1 2026.

Security controls

The controls behind the certifications.

Encryption everywhere

AES-256 at rest on all storage tiers. TLS 1.3 in transit. BYOK and HSM-backed keys for Scale-tier customers.

Identity & access

MFA enforced for all employees. Just-in-time access for production. Quarterly access reviews. Customer SSO via SAML / OIDC.

Continuous monitoring

24/7 AI-operated NOC. Endpoint, network, and application telemetry to a SIEM. Auto-remediation for known signatures.

Vulnerability management

Daily container image scans. Quarterly external pen-tests. Monthly internal red-team exercises. CVE SLA: 24h critical, 7d high.

Audit & evidence

Every change reviewed, logged, and tied to a ticket. Change records retained 7 years. Customer-accessible audit log on request.

Data residency

Customer data never leaves DeSoto, TX or Flint, MI unless explicitly contracted. No cross-border replication without consent.

Procurement artifacts

Everything your security team needs.

Email info@ultiblob.com with your DPA / security questionnaire and an NDA — we typically return everything within one business day.

Security questionnaire (CAIQ-Lite pre-fill) | On request
SOC 2 Type II report (interim) | Under NDA
HIPAA Business Associate Agreement template | On request
Master Service Agreement (MSA) template | On request
Penetration test summary (most recent) | Under NDA
Disaster recovery runbook (sanitized) | Under NDA
Incident response plan | On request
Subprocessor list | Public — see below

Subprocessors

Who else touches your data.

Subprocessor | Role
Microsoft Corporation | Azure Local platform components
NVIDIA Corporation | GPU hardware (H100 / L40S)
Anthropic, PBC | Claude API for AI features
Cloudflare, Inc. | Edge, DDoS, DNS
Pure Storage, Inc. | Primary storage arrays
Veeam Software | Backup and replication

Trust

Send the questionnaire. We'll send the artifacts.

Most procurement reviews close in 2-3 business days from the first email. Bring your DPA, your security questionnaire, and your NDA — we'll do the rest.