Ironclad POS
ContactBook a demo
Ironclad POS|Trust Center

Security at Ironclad

Security and compliance for serious dispensary software.

Protecting customer data should be built into the product, the infrastructure, and the way the company operates. Ironclad is building its trust program around the controls and evidence buyers expect from regulated retail software.

security@ironcladpos.comPrivacy and data handling requests
Program status
SOC 1 Type IIReadiness program
SOC 2 Type IIReadiness program
HIPAASafeguards planning

Public claims should track completed controls and real evidence. Formal reports and certifications are not yet published.

Standards coverage

Program direction

SOC 1 Type II

Readiness program

Transaction, reconciliation, access, and change-management controls are being formalized for future auditor review.

SOC 2 Type II

Readiness program

Security, availability, logging, environment separation, and incident response controls are being built toward an operating evidence window.

HIPAA

Safeguards planning

Administrative and technical safeguards are being mapped for healthcare-adjacent workflows, with encryption at rest treated as a mandatory internal standard.

CCPA

Workflow buildout

Privacy notice, retention, rights handling, vendor review, and sensitive-data processes are being implemented for California readiness.

Resources

What can be reviewed

Security overview

Architecture boundaries, access model, encryption posture, monitoring approach, and the operating assumptions behind the trust program.

Available during review

AWS deployment guide

A compliance-grade guide for standing up backend, worker, database, and future AI services on AWS with hardened network and key-management controls.

In progress

Policy and register package

Access control, incident response, backup and restore, vendor review, retention, and subprocessor registers that back readiness claims with maintained artifacts.

Building now

Subprocessors

Register-backed preview
Amazon Web Services
Cloud infrastructure and managed security servicesUnited States

Compute, storage, key management, secrets management, backups, and core production hosting.

Cloudflare
Edge security and traffic protectionGlobal / United States

Perimeter security, delivery optimization, and protective controls at the edge.

Datadog
Operational monitoring and alertingUnited States

Infrastructure and application telemetry, alert routing, and compliance-relevant operational visibility.