// Trust & Security Report
Ada (AI-native customer experience platform)
Ada ACX Platform - AI customer service agents for enterprise customer experience management, including messaging, voice, email channels with omnichannel orchestration and AI agent optimization
Certifications held
9
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on ada.cx“HIPAA (Health Insurance Portability and Accountability Act) — Ada provides HIPAA-compliant configuration and Business Associate Agreements (BAA) for healthcare and insurance customers”
Verify on ada.cx“GDPR (General Data Protection Regulation) — stated as industry-leading compliance. Data Processing Addendum available. Data residency in EU (Ireland, Germany) via AWS.”
Verify on ada.cx“AIUC-1 — 'First AI-agent-specific standard; Ada was the first customer service platform to earn this certification'”
Verify on security.ada.cx“PCI Attestation of Compliance mentioned in security documentation”
Verify on security.ada.cx“CCPA (California Consumer Privacy Act) and CPRA (California Privacy Rights Act) compliance stated”
Verify on security.ada.cx“PIPEDA (Personal Information Protection and Electronic Documents Act) compliance stated”
Verify on security.ada.cx“VPAT (Voluntary Product Accessibility Template) listed in compliance certifications”
> Show 1 unconfirmed / not-held certifications
source: security.ada.cxNo public evidence of ISO 27001 certification on ada.cx or security.ada.cx. Third-party sources (Fini Labs) claim Ada holds ISO 27001, but this is not corroborated by Ada's own trust center or security documentation.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Multi-region: US, Canada, Ireland, Germany (via AWS). Standard Contractual Clauses and adequacy decisions used for international transfers.
Ada explicitly states: 'customer data processed by LLMs is not used to train public models.' Enforces zero data retention policies with LLM providers. Customer data is not stored by third-party AI providers after processing.
// Security controls
Penetration Testing
Annual third-party penetration testing, including LLM layer security evaluation (reports from 2025 available)
security.ada.cxAI Safety Controls
Built-in hallucination safeguards; responses verified against approved sources; tone and compliance verification; continuous monitoring for accuracy and alignment
ada.cxThird-Party Security Ratings
SecurityScorecard: A grade | Qualys SSL Labs: A rating | UpGuard: 850 score
security.ada.cx// Products & data scope
data: Customer support conversations across chat, email, voice, and messaging channels; intent classification, routing, and resolution
Core product for enterprise customer experience automation. Multi-channel, multilingual, with LLM-based reasoning engine. Omnichannel orchestration and AI agent performance optimization.
data: Complex multi-step customer service workflows, escalation rules, and agent behavior guardrails
Addresses latency, adherence, and customer behavior challenges in AI agent scaling.
data: Voice conversations, intent recognition, response generation with voice-specific safety controls
AI-powered voice customer service agents with resolution as primary KPI.
// What to watch
- SOC 2 Type 2 and SOC 3 certifications show expiry date of September 30, 2024. No evidence of renewal to 2025 or 2026. Vendor documentation appears outdated. Recommend contacting Ada to verify current certification status.
- ISO 27001: Third-party sources (Fini Labs, fin.ai) claim Ada is ISO 27001 certified, but no direct evidence found on ada.cx or security.ada.cx. Over-claim risk in third-party marketing materials — Ada's own trust center does not list ISO 27001 as a held certification.
- HIPAA is listed as a 'compliance' posture with BAA availability, not a formal third-party certification like SOC 2. Clarify whether Ada holds HIPAA compliance certification or merely offers HIPAA-ready contracts.
- Identity-conflation risk: ada.com (different company/domain) appeared in search results for ISO 27001. Confirmed assessment is for ada.cx (Toronto-based AI customer service platform), not ada.com.
- Maturity assessment: Ada is enterprise-grade (1.2B valuation, 350+ enterprise customers, 2026 operations). However, expired SOC 2 dates and lack of current ISO 27001 evidence suggest documentation/renewal lag.
// At a glance
Pricing model
Subscription-based SaaS (enterprise pricing; details require quote)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Ada (AI-native customer experience platform)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
security.ada.cx