// Trust & Security Report

    Ada (AI-native customer experience platform) logo

    Ada (AI-native customer experience platform)

    Ada ACX Platform - AI customer service agents for enterprise customer experience management, including messaging, voice, email channels with omnichannel orchestration and AI agent optimization

    Certifications held

    9

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    SOC 2 Type 2 (October 1, 2023 – September 30, 2024)

    Verify on security.ada.cx
    SOC 3
    HELD

    SOC 3 (October 1, 2023 – September 30, 2024)

    Verify on security.ada.cx
    HIPAA
    HELD

    HIPAA (Health Insurance Portability and Accountability Act) — Ada provides HIPAA-compliant configuration and Business Associate Agreements (BAA) for healthcare and insurance customers

    Verify on ada.cx
    GDPR
    HELD

    GDPR (General Data Protection Regulation) — stated as industry-leading compliance. Data Processing Addendum available. Data residency in EU (Ireland, Germany) via AWS.

    Verify on ada.cx
    AIUC-1
    HELD

    AIUC-1 — 'First AI-agent-specific standard; Ada was the first customer service platform to earn this certification'

    Verify on ada.cx
    PCI DSS
    HELD

    PCI Attestation of Compliance mentioned in security documentation

    Verify on security.ada.cx
    CCPA / CPRA
    HELD

    CCPA (California Consumer Privacy Act) and CPRA (California Privacy Rights Act) compliance stated

    Verify on security.ada.cx
    PIPEDA
    HELD

    PIPEDA (Personal Information Protection and Electronic Documents Act) compliance stated

    Verify on security.ada.cx
    VPAT
    HELD

    VPAT (Voluntary Product Accessibility Template) listed in compliance certifications

    Verify on security.ada.cx
    > Show 1 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification on ada.cx or security.ada.cx. Third-party sources (Fini Labs) claim Ada holds ISO 27001, but this is not corroborated by Ada's own trust center or security documentation.

    source: security.ada.cx

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multi-region: US, Canada, Ireland, Germany (via AWS). Standard Contractual Clauses and adequacy decisions used for international transfers.

    Ada explicitly states: 'customer data processed by LLMs is not used to train public models.' Enforces zero data retention policies with LLM providers. Customer data is not stored by third-party AI providers after processing.

    // Security controls

    Encryption in Transit

    TLS 1.2+ (minimum)

    security.ada.cx

    Encryption at Rest

    AES-256

    security.ada.cx

    Authentication

    Multi-factor authentication (MFA) available

    security.ada.cx

    Access Control

    Role-based access control (RBAC) with granular audit logging

    security.ada.cx

    Penetration Testing

    Annual third-party penetration testing, including LLM layer security evaluation (reports from 2025 available)

    security.ada.cx

    Vulnerability Management

    Continuous vulnerability scanning

    security.ada.cx

    Incident Response

    24/7 incident response team

    security.ada.cx

    Business Continuity

    Disaster recovery and business continuity plans tested annually

    security.ada.cx

    AI Safety Controls

    Built-in hallucination safeguards; responses verified against approved sources; tone and compliance verification; continuous monitoring for accuracy and alignment

    ada.cx

    Third-Party Security Ratings

    SecurityScorecard: A grade | Qualys SSL Labs: A rating | UpGuard: 850 score

    security.ada.cx

    // Products & data scope

    Ada ACX PlatformConversational AI / Customer Service Agent

    data: Customer support conversations across chat, email, voice, and messaging channels; intent classification, routing, and resolution

    Core product for enterprise customer experience automation. Multi-channel, multilingual, with LLM-based reasoning engine. Omnichannel orchestration and AI agent performance optimization.

    Ada PlaybooksWorkflow Automation

    data: Complex multi-step customer service workflows, escalation rules, and agent behavior guardrails

    Addresses latency, adherence, and customer behavior challenges in AI agent scaling.

    Ada VoiceVoice AI Agent

    data: Voice conversations, intent recognition, response generation with voice-specific safety controls

    AI-powered voice customer service agents with resolution as primary KPI.

    // What to watch

    • SOC 2 Type 2 and SOC 3 certifications show expiry date of September 30, 2024. No evidence of renewal to 2025 or 2026. Vendor documentation appears outdated. Recommend contacting Ada to verify current certification status.
    • ISO 27001: Third-party sources (Fini Labs, fin.ai) claim Ada is ISO 27001 certified, but no direct evidence found on ada.cx or security.ada.cx. Over-claim risk in third-party marketing materials — Ada's own trust center does not list ISO 27001 as a held certification.
    • HIPAA is listed as a 'compliance' posture with BAA availability, not a formal third-party certification like SOC 2. Clarify whether Ada holds HIPAA compliance certification or merely offers HIPAA-ready contracts.
    • Identity-conflation risk: ada.com (different company/domain) appeared in search results for ISO 27001. Confirmed assessment is for ada.cx (Toronto-based AI customer service platform), not ada.com.
    • Maturity assessment: Ada is enterprise-grade (1.2B valuation, 350+ enterprise customers, 2026 operations). However, expired SOC 2 dates and lack of current ISO 27001 evidence suggest documentation/renewal lag.

    // At a glance

    Pricing model

    Subscription-based SaaS (enterprise pricing; details require quote)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Ada (AI-native customer experience platform)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    security.ada.cx

    > Browse all vendor trust reports