Trust, Tested Over Time: Adclear is SOC2 Type II Certified

Every company that handles customer data eventually has the same conversation with itself: how do we prove that our customers' information is safe with us?

‍

Today we're sharing the answer we landed on. Adclear has achieved SOC2 certification, the result of more than a year of work across our engineering and product team.

‍

This post is partly an announcement, partly an explainer, and partly a thank-you. If you've ever found yourself nodding along to the phrase "SOC 2 compliant" without entirely knowing what it means, we wrote this for you too.

‍

What SOC 2 Type II actually means

If you've never had to sit through a vendor security review, the acronym salad can feel impenetrable. So here's the short version.

‍

SOC 2 is a framework developed by the American Institute of Certified Public Accountants (AICPA). It isn't a checkbox you tick or a logo you license - it's an independent audit performed by a third-party CPA firm that examines how an organisation handles customer data across five "Trust Services Criteria":

‍

• Security - are systems protected from unauthorised access?
• Availability - are they reliably accessible when customers need them?
• Processing integrity - do they do what they're supposed to do, completely and accurately?
• Confidentiality - is sensitive data kept confidential?
• Privacy - is personal information handled appropriately?

‍

There are two flavours of SOC 2 report. A Type I report describes an organization's controls and evaluates their design at a single moment in time - essentially a snapshot. A Type II report goes much further: it examines whether those controls actually operate effectively over a sustained period, typically six to twelve months.

‍

Type II is the harder one. It's also the one that matters most, because it answers a question Type I can't: not just "did you have good controls on the day you were audited?" but "did you live by them, day in and day out, for the better part of a year?"

‍

Why we chose to go straight to Type II

We could have stopped at Type I. Plenty of companies do, and there's nothing wrong with that as a starting point. We chose to pursue Type II because of what our customers are actually asking us when they ask about security: can we trust you over time?

‍

A certification stamped on a single Tuesday doesn't really answer that. A report covering nine months of operations does.

‍

It also forced a different kind of internal discipline. Type II compliance isn't something you achieve and walk away from - it's something you live. Every quarter, every code change, every new hire, every access request: the controls have to hold. That's a much higher bar than passing one audit, and it's the one we wanted to meet.

‍

What this means for you, our customers

If you're an Adclear customer, here's what changes - and what doesn't.

‍

What changes. When your security or procurement team asks for documentation, we can hand over a SOC 2 Type II report signed by an independent auditor. No more "trust us, we have controls" - you'll have third-party verification of how we protect your data, evaluated over a real, multi-month observation window.

‍

What doesn't change. Our underlying commitment to your security. We didn't suddenly start caring about this when the audit began. SOC 2 Type II is the documentation of how we've been working - formalised, scrutinised, and verified by an outside firm.

‍

"Our customers entrust us with sensitive data, and this certification gives them independent assurance that we treat that responsibility with the seriousness it deserves."

— Cameron Ward, Chief Technology Officer

‍

A thank-you, and what's next

Earning SOC 2 Type II takes a village. Thank you to the Adclear team members who built and lived the controls that made this possible. Thank you to our auditing partner for the rigour and patience. And thank you to our customers, whose trust set the bar in the first place.

‍

This isn't an endpoint. Security is a moving target - threats evolve, our platform evolves, our customers' expectations evolve. We'll continue to invest in the people, processes, and technology that keep your data safe, and we'll keep being transparent about how. SOC 2 Type II is now part of how we operate, not a milestone we visit once.

‍