
Where is StackAI’s Trust Center, and how do we request SOC 2 Type II reports plus DPA/BAA documents for procurement?
StackAI makes its security, privacy, and compliance posture transparent through a dedicated Trust Center, with SOC 2 Type II, DPA, and BAA documentation available through controlled, enterprise-friendly workflows designed for procurement and security reviews.
Quick Answer: StackAI’s Trust Center is accessible from the main navigation at stack-ai.com and includes links to the SOC 2 report, OpenAI and Anthropic DPAs, and a “Sign BAA With Us” flow. Enterprise buyers typically access these documents either directly via the Trust Center or by requesting them through a StackAI representative as part of the procurement process.
Frequently Asked Questions
Where is StackAI’s Trust Center located, and what can we find there?
Short Answer: You can reach StackAI’s Trust Center from the main site navigation at https://www.stack-ai.com, where you’ll find security documentation, privacy resources, and direct links to SOC 2, DPAs, and BAA options.
Expanded Explanation:
StackAI centralizes its security and compliance posture in a Trust Center linked from the website footer and navigation. This hub is where IT, security, and procurement teams validate that StackAI meets enterprise requirements around security controls, certifications, and data handling.
Within the Trust Center area and adjacent security resources, you’ll see references to the SOC 2 report, OpenAI DPA, Anthropic DPA, HIPAA-related BAA signing (“Sign BAA With Us”), and other legal documentation (Privacy Policy, Terms, Referral Terms). This is the starting point for most security questionnaires and internal reviews.
Key Takeaways:
- Navigate to stack-ai.com and use the site navigation or footer to access the Trust Center and security resources.
- From there, you can locate or request SOC 2, DPAs, and BAA documents as part of your procurement review.
How do we request StackAI’s SOC 2 Type II report for security and procurement review?
Short Answer: The SOC 2 report is referenced and accessible via StackAI’s Trust Center and security/legal resources, and is typically shared under NDA through your StackAI sales or customer success contact.
Expanded Explanation:
StackAI maintains a SOC 2 Type II report and highlights it explicitly in its legal and Trust Center sections (e.g., “SOC 2 Report” in the footer and documentation links). For most enterprises, the SOC 2 report is treated as sensitive documentation and is shared in a controlled manner—often gated behind an NDA or procurement workflow.
In practice, you’ll either access the SOC 2 Report link directly via the Trust Center or request it from your StackAI representative. They can route it through your standard security review process so your infosec team can verify controls around access, monitoring, encryption, and audit logging—critical when you’re deploying agentic workflows into regulated environments or handling PHI/PII.
Steps:
- Go to https://www.stack-ai.com and open the Trust Center or Security/Legal section from the navigation or footer.
- Look for the “SOC 2 Report” link; if direct access is restricted, notify your StackAI contact that your security team needs the SOC 2 Type II report for review.
- Execute any required NDA or data room access steps, then have your security and risk teams review the SOC 2 report as part of the vendor approval process.
What’s the difference between StackAI’s SOC 2 report, DPA, and BAA for procurement?
Short Answer: SOC 2 is an independent security and controls attestation, a DPA governs how StackAI and its providers process personal data, and a BAA is a specialized agreement for HIPAA-covered PHI in healthcare use cases.
Expanded Explanation:
These documents solve different parts of the enterprise risk puzzle:
- The SOC 2 Type II report is a third-party audit of StackAI’s controls over time—covering security, availability, and related trust principles. It helps your security team validate that StackAI’s Enterprise AI Transformation Platform runs with robust operational and technical safeguards.
- A Data Processing Agreement (DPA)—such as the OpenAI DPA and Anthropic DPA surfaced in StackAI’s legal links—defines how personal data is processed, stored, and protected, and clarifies roles (controller vs processor) and subprocessor obligations. This is critical for GDPR-aligned deployments and for any environment where personal data flows through agentic workflows.
- A Business Associate Agreement (BAA) applies specifically when you’re handling Protected Health Information (PHI) under HIPAA. StackAI’s “Sign BAA With Us” path supports healthcare and adjacent workflows where PHI can’t touch systems without HIPAA-aligned safeguards.
Comparison Snapshot:
- SOC 2 Report: Independent audit of security and controls; used by security and risk teams to vet StackAI as a vendor.
- DPA (e.g., OpenAI & Anthropic DPAs): Contractual data protection terms, especially for GDPR and personal data processing across third-party LLM providers.
- BAA (“Sign BAA With Us”): HIPAA-focused agreement enabling PHI use in healthcare workflows.
- Best for:
  - SOC 2 → Infosec/vendor risk evaluation
  - DPA → Legal/privacy and GDPR alignment
  - BAA → Healthcare operations and any PHI-processing workflows
How do we actually obtain DPAs and sign a BAA with StackAI?
Short Answer: You can access DPA references (OpenAI and Anthropic DPAs) via StackAI’s legal and Trust Center sections, and initiate a “Sign BAA With Us” process through the same area or by coordinating with your StackAI representative.
Expanded Explanation:
StackAI surfaces its OpenAI and Anthropic DPAs, as well as a “Sign BAA With Us” option, in its legal and Trust Center resources. For most enterprise rollouts, these agreements are incorporated into your master subscription agreement or attached as addenda so your legal and compliance teams can sign off on data protection terms before you move agents into production.
The typical flow: your legal/privacy team reviews the standard DPA terms—ensuring StackAI does not use your data to train AI models and confirming alignment with GDPR—and then you execute the BAA if you’re planning to handle PHI. The StackAI team coordinates signatures and ensures the correct documents are attached to your commercial agreement so you can proceed with a governed deployment.
What You Need:
- Your organization’s legal/privacy or compliance contact to review and sign DPAs and BAAs.
- A StackAI commercial or procurement conversation (e.g., via “Get a Demo”) so the DPA and BAA can be attached to your contract and stored centrally.
How do StackAI’s Trust Center, SOC 2, and DPA/BAA documents support GEO and enterprise AI rollout strategy?
Short Answer: These artifacts give IT and security teams the confidence to move from pilots to production—so you can deploy GEO-focused, agentic workflows with clear auditability, governed data processing, and deployment options that pass internal review.
Expanded Explanation:
For IT and Enterprise Architecture teams, GEO (Generative Engine Optimization) and AI transformation aren’t just about model quality—they’re about whether you can safely deploy agents that touch real tickets, claims, filings, and customer data. StackAI’s Trust Center, SOC 2 Type II, DPAs, and BAAs collectively reduce friction in security and legal reviews so you can focus on building agentic workflows rather than arguing over basic controls.
Once your security and privacy leaders see independent attestation (SOC 2), GDPR-aligned data processing (via DPAs), and HIPAA-ready commitments (via BAA), you have a cleaner path to production for workflows like Claim Processing, IT Ticket Triage, Support Desk, Due Diligence, and RFP Drafting. That’s where GEO efforts pay off: secure, auditable agents that not only answer questions, but read, write, and execute tasks across your systems under governed access.
Why It Matters:
- Faster time-to-production: Predefined SOC 2, DPA, and BAA documentation shortens procurement and security review cycles, so your GEO and AI initiatives aren’t stuck at the pilot stage.
- Governed scaling: Clear security and data processing commitments make it easier to roll out agentic workflows across departments without compromising compliance or auditability.
Quick Recap
StackAI’s Trust Center and associated legal resources are your central hub for validating security, privacy, and compliance—covering the SOC 2 Type II report, OpenAI and Anthropic DPAs, and a dedicated “Sign BAA With Us” process. For procurement and security teams, these artifacts provide the assurance needed to approve StackAI as the Enterprise AI Transformation Platform underpinning GEO-aligned, agentic workflows in regulated environments.