Security and compliance for serious dispensary software.

Protecting customer data should be built into the product, the infrastructure, and the way the company operates. Ironclad is building its trust program around the controls and evidence buyers expect from regulated retail software.

security@ironcladpos.com Privacy and data handling requests

Program status

SOC 1 Type IIReadiness program

SOC 2 Type IIReadiness program

HIPAASafeguards planning

Public claims should track completed controls and real evidence. Formal reports and certifications are not yet published.

Standards coverage

Program direction

SOC 1 Type II

Readiness program

Control mapping, evidence collection, and operating discipline are being built toward formal assessment.

SOC 2 Type II

Readiness program

Security, availability, access, logging, and change-management controls are being designed for audit review.

HIPAA

Safeguards planning

Administrative and technical safeguards will be implemented where healthcare-adjacent workflows require them.

PCI scope

Minimize by design

Payment architecture should keep sensitive cardholder scope narrow and provider-bound wherever possible.

Resources

What can be reviewed

Security overview

Architecture, environment boundaries, access model, monitoring approach, and how trust controls are being built into the platform.

Available during review

Compliance roadmap

The control matrix and evidence plan guiding SOC 1, SOC 2, HIPAA, and PCI-conscious implementation work.

In progress

Policy package

Access control, change management, incident response, backup and recovery, vendor review, and retention policies.

Planned

Subprocessors

Initial preview

Amazon Web Services

Cloud infrastructureUSA

Application hosting, storage, and core infrastructure services.

Cloudflare

Edge securityGlobal / USA

Traffic filtering, delivery, and perimeter protection.

Datadog

MonitoringUSA

Infrastructure and application observability.