Controls are mapped for readiness review, but no SOC 2 report is published.
Complete formal audit readiness and publish approved report status only after evidence exists.Certification status with clear evidence boundaries.
Review the current SOC 2, ISO, PCI, and HIPAA claim posture before enterprise procurement.
HexaFit publishes certification claims only after independent evidence is approved and available.
Certification status
Independent certification claims stay separate from readiness work.
HexaFit shows the current readiness posture now and publishes formal certification evidence only after it is independently approved.
Security review areas are mapped to familiar control language, but no ISO certificate is published.
Publish certificate details only after an approved independent certification exists.Payment processing scope is separated through HexaPay / Payzli and reviewed per merchant account.
Confirm processor and merchant responsibilities during payment onboarding.HexaFit supports wellness and clinic workflows but does not publish a HIPAA compliance claim here.
Review clinic-specific workflow, data handling, and legal requirements before any health-data claim.