Trust center for enterprise review.

Open the security, data, vendor, status, and legal review paths before procurement starts.

HexaFit publishes review artifacts and framework mapping without claiming certifications before approved evidence exists.

Trust center

Procurement proof buyers can open before legal .

HexaFit keeps security review simple: plain review areas, visible operating cadence, and downloadable architecture evidence before formal certifications are available.

Certification status

Independent certification claims stay separate from readiness work.

HexaFit shows the current readiness posture now and publishes formal certification evidence only after it is independently approved.

Not certifiedSOC 2

Controls are mapped for readiness review, but no SOC 2 report is published.

Complete formal audit readiness and publish approved report status only after evidence exists.
Not certifiedISO 27001

Security review areas are mapped to familiar control language, but no ISO certificate is published.

Publish certificate details only after an approved independent certification exists.
Processor-scopedPCI

Payment processing scope is separated through HexaPay / Payzli and reviewed per merchant account.

Confirm processor and merchant responsibilities during payment onboarding.
No public claimHIPAA

HexaFit supports wellness and clinic workflows but does not publish a HIPAA compliance claim here.

Review clinic-specific workflow, data handling, and legal requirements before any health-data claim.

Status and SLA visibility

A visible health path before a formal uptime history exists.

HexaFit exposes the current health route and explains how status, incident updates, escalation, and response targets become part of the customer proposal or service terms.

Live status reviewSystem health and event history

Shows current health, public status events, and response-target examples for reviewer inspection.

History starts from the public monitoring surface; no pre-existing uptime percentage is invented.
Priority 1Production outage or critical access/payment disruption

Proposal-defined emergency response path

Priority 2Major workflow degradation affecting a location or team

Business-hours triage target in service terms

Priority 3Configuration, data, training, or non-critical workflow issue

Queued support response by support plan