Compliance
Enterprise-grade compliance for financial data.
Cache maintains rigorous compliance standards to meet the requirements of regulated industries and enterprise security teams.
1. SOC 2 Type II
Cache has completed a SOC 2 Type II audit conducted by an independent third-party auditor. The audit evaluated our controls across the Trust Services Criteria for Security, Availability, and Confidentiality over a 12-month observation period.
Our SOC 2 report covers:
- Organization and management controls
- Communications and information security
- Risk management and design of controls
- Monitoring of controls and logical access
- System operations and change management
The full SOC 2 Type II report is available to customers and prospects under NDA. Contact security@usecache.com to request a copy.
2. GDPR Compliance
Cache complies with the General Data Protection Regulation (EU) 2016/679 for all personal data processed on behalf of EU/EEA data subjects. We operate as a data processor when handling financial data on behalf of our customers.
Data subject rights
We support the exercise of all data subject rights including access, rectification, erasure, restriction, portability, and objection. Requests are processed within 30 days of receipt.
Data Protection Officer
Our DPO can be reached at dpo@usecache.com. We maintain records of processing activities and conduct regular Data Protection Impact Assessments.
3. CCPA Compliance
Cache complies with the California Consumer Privacy Act and the California Privacy Rights Act. California residents have the right to know what personal information we collect, request its deletion, and opt out of its sale.
Cache does not sell personal information. We do not use financial data for advertising purposes. All consumer rights requests can be submitted to privacy@usecache.com.
4. PCI DSS
Cache does not directly process, store, or transmit payment card data. Bank connections are facilitated through Plaid, which maintains PCI DSS Level 1 compliance. Payment processing for subscriptions is handled by Stripe, also PCI DSS Level 1 certified.
This architecture ensures that cardholder data never enters our infrastructure, minimizing risk and simplifying our compliance posture.
5. Data residency
By default, all customer data is stored in AWS us-east-1 (Virginia). For enterprise customers with specific data residency requirements, we offer:
- EU data residency (AWS eu-west-1, Ireland)
- Single-tenant deployment options
- Customer-managed encryption keys
- Data processing agreements with Standard Contractual Clauses for cross-border transfers
6. Audit reports
The following reports and documentation are available upon request:
- SOC 2 Type II report (under NDA)
- Penetration test executive summary (annual, third-party)
- Vulnerability assessment report
- Business continuity and disaster recovery plan summary
- Data Processing Agreement (DPA)
To request any of the above, contact security@usecache.com.