Compliance & Certifications
Our compliance posture is precise and auditable: we say what we comply with, what we are auditing toward, and what is out of scope.
Industry Standards
GS1 Digital Link
CompliantVeriTag URL payloads conform to the GS1 Digital Link standard for resolvable, identifier-bearing URIs.
EU Falsified Medicines Directive (FMD)
ReadyTag and event vocabularies aligned with FMD serialization and end-of-line verification expectations.
US DSCSA
ReadyLot-level traceability and chain-of-custody recording aligned with the US Drug Supply Chain Security Act.
Data Privacy
GDPR (EU)
CompliantData minimization, lawful basis tracking, DPIA-ready, DPO contactable. See our Privacy Policy for full disclosures.
Singapore PDPA
CompliantOperations and data handling aligned with the Singapore Personal Data Protection Act 2012.
Security Frameworks
NIST Cybersecurity Framework
CompliantEngineering and operations practices mapped to the NIST CSF Identify–Protect–Detect–Respond–Recover lifecycle.
OWASP ASVS
CompliantSDK and platform code reviews against OWASP Application Security Verification Standard.
SOC 2 Type II
In ProgressType II audit underway, expected report Q4 2026. Bridge letters available on request under NDA.
ISO/IEC 27001
In ProgressReadiness program in flight. Information Security Management System documented and being audited.
Hardware Partners
NXP NTAG 424 DNA
PartnerProduction silicon partner. All VeriTag labels are based on the NTAG 424 DNA chip family.
Need documentation?
Security whitepaper, SOC 2 bridge letters, and ISMS scope statements are available under NDA.
Contact compliance