Certifications

We are SOC 2 Type II certified, which means that our systems meet the industry standard for security as defined by the American Institute of Certified Public Accountants (AICPA), and emphasizes our commitment to protecting customer data. 

Macabacus’ hardware is hosted in a SOC 2 Type 2 compliant dedicated hosting environment which limits physical access to the network and provides constant physical security. Firewalls protect and restrict communication entering the network. We also employ Microsoft’s Azure platform and the Google Cloud Platform (GCP) to provide various services. Azure holds ISO-9001 and ISO-27001 certifications, among many others. GCP holds the ISO-27001 certification as part of their compliance offerings.

All credit card and bank account information is handled and stored, as applicable, by our PCI Level 1 compliant payment processor and payment gateways (Stripe and PayPal). PCI Level 1 compliance is the most stringent level of certification available in the payments industry. We do not handle or store sensitive payment information.

Below you can review our SOC 2 Opinion Letter issued by Johanson Group LLP: