A baseline, not the ceiling - Unlimited.ai is now SOC 2 Type 2 Compliant
Family offices and RIAs trust us with their most sensitive portfolio data. That's not something we take lightly — it's something we build around.
Today, we're proud to announce that Unlimited.ai has achieved SOC 2 Type 2 compliance, as examined by Sensiba.
What is SOC 2 Type 2, and why does it matter?
If you're evaluating technology partners, you've probably seen "SOC 2" on a lot of checklists. Here's what it actually means.
SOC 2 is a security framework developed by the AICPA that evaluates how a company protects customer data. There are two types. Type 1 is a point-in-time assessment — it confirms that the right controls exist on a given date. Type 2 goes further. It examines how those controls actually perform over an extended period, typically 6 to 12 months.
In other words, Type 2 doesn't just ask "do you have a lock on the door?" It asks "has that lock been working, every day, for months — and can you prove it?"
What was examined?
Our SOC 2 Type 2 audit covered the core trust service criteria that matter most to our clients, including:
Security — Protection against unauthorized access to systems and data
Availability — Ensuring our platform is reliable and accessible when you need it
Confidentiality — Safeguarding sensitive client portfolio data from unauthorized disclosure
Access management — Controlling who has access to what, and enforcing it consistently
Operational processes — Monitoring, incident response, and change management practices
An independent auditor observed how we operate day-to-day and confirmed that we do what we say we do.
Why this matters for our clients
In wealth management, data security isn't a feature — it's a requirement. Family offices and RIAs are entrusting us with portfolio holdings, allocations, and financial strategies that are deeply sensitive. SOC 2 Type 2 gives our clients independent, third-party verification that:
Their data is protected by enterprise-grade security controls
Those controls aren't just policies on paper — they're tested and proven over time
We meet the standard that institutional allocators and compliance teams expect
If you're going through vendor due diligence or responding to security questionnaires, our SOC 2 Type 2 report can streamline that process significantly.
This is the baseline, not the ceiling
Achieving SOC 2 Type 2 is a major milestone, but for us it's the foundation. We'll continue investing in our security infrastructure, expanding our compliance posture, and raising the bar on how we protect the data our clients trust us with.
Data security is existential to Unlimited.ai. It always has been.
