Trust · Certifications

Every badge. Every scope. Every expiration.

Some of what follows is a formal third-party certification. Some is a posture backed by contracts and controls. Some is planned for a future date. We label which is which.

Posture matrix

Each badge, laid out honestly.

If you are running this through a procurement rubric, every cell is answerable. Nothing is decorative.

SOC 2 Type II

Third-party audit (AICPA)

In progress
Issuer
Independent CPA firm (engagement in flight)
Covered
Security, Availability, Confidentiality trust service criteria across the production environment.
Not covered
Processing Integrity and Privacy criteria are not in the initial scope. Planned for the Type II renewal cycle.
Validity
Target first report 2026 Q3. Annual renewal thereafter.
Proof artifact
Draft controls and interim attestation available under NDA.

HIPAA aligned

Posture (not a certification)

Available
Issuer
Internal attestation, external review available
Covered
Administrative, technical, and physical safeguards for PHI. BAA executed before PHI enters the environment.
Not covered
HIPAA has no certifying body. A vendor claiming HIPAA certification is overstating the situation.
Validity
Continuous. Reviewed annually.
Proof artifact
BAA template and controls matrix available on request.

FERPA aligned

Posture (not a certification)

Available
Issuer
Internal attestation, external legal review
Covered
Education records handled under the school-official exception; data-sharing boundaries documented in the DPA.
Not covered
FERPA has no certifying body. Alignment is demonstrated through contract language and operational controls.
Validity
Continuous. Reviewed with each major K-12 or higher-ed release.
Proof artifact
Annual notification language and DPA excerpt available on request.

GDPR ready

Posture

Available
Issuer
Internal attestation; SCCs executable on demand
Covered
Records of processing, DPA published, Standard Contractual Clauses available, EU data residency optional.
Not covered
We are not a member of an EU-based certification scheme. SCC-based compliance is our current path.
Validity
Continuous. DPA template versioned on this site.
Proof artifact
DPA, SCCs, and transfer impact assessment template available on request.

US state privacy laws

Posture

Available
Issuer
Internal legal; tracked by jurisdiction
Covered
CCPA and CPRA, NY SHIELD Act, TX data privacy statutes, VA CDPA, and newer state laws as they take effect.
Not covered
We do not claim a single certification that covers all US state laws. Each jurisdiction gets its own review.
Validity
Continuous. Matrix refreshed as statutes pass or amend.
Proof artifact
Jurisdiction coverage letter available on request.

ISO 27001

Third-party certification

Planned
Issuer
Accredited certification body (TBD)
Covered
Information security management system certification against ISO 27001:2022.
Not covered
Not in scope before 2027. We will not display this badge until issued.
Validity
Target first issuance 2027. Three-year validity, annual surveillance.
Proof artifact
None until issued. No advance claims.

What we won't claim

The short list of things you will not find here.

  • We will not display badges we do not hold.
  • We will not claim scope that a badge does not cover.
  • We will not use the word “certified” for postures that are alignments, not audits.
  • We will not photograph paper certificates and frame them in the header.

Artifacts

Request the underlying documents.

Controls matrix, draft SOC 2 evidence, third-party pen test report, BAA, DPA, SCCs. All shareable under mutual NDA.

Foundation-backed

Elitesgen, Inc. is wholly owned by Elites Generation Foundation, a 501(c)(3) whose charter legally forbids behavioral advertising and the sale of individual user data.

Visit elitesgen.org

Next step

Walk your security and legal teams through this.

We will join the call, answer diligence questions live, and follow up in writing within two business days.