The Compute Exchange Is Now SOC 2 Type II Compliant

We're proud to announce that The Compute Exchange (TCEX) has achieved SOC 2 Type II compliance, in accordance with the American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations (SSAE 18).

For a marketplace built on connecting buyers and sellers of compute, this milestone is more than a badge — it's third-party validation of the security and operational discipline that underpins every transaction on our platform.

What SOC 2 Type II Actually Validates

SOC 2 is the recognized standard for how service organizations protect customer data. The distinction between Type I and Type II matters: a Type I report confirms that the right controls are designed and in place at a single point in time, while a Type II report confirms that those controls operated effectively over an extended period.

In other words, this isn't a snapshot. An independent auditor examined our systems, policies, and controls across the entire audit window and attested that they functioned consistently and as intended throughout. That ongoing operational evidence is the part that's hard to fake — and the part that genuinely matters.

Why This Matters for a Compute Marketplace

TCEX sits between buyers and sellers, brokering transactions for compute hardware and rentals. That position carries a specific kind of responsibility: every counterparty trusts us with sensitive commercial information and relies on the platform to behave predictably and securely.

Trust is the product. A marketplace only works if both sides have confidence that the infrastructure handling their data and their deals is held to a rigorous, independently verified standard. SOC 2 Type II gives our customers — and their security and procurement teams — a clear, externally audited answer to the question they should always be asking: can we rely on this platform to safeguard what we put into it?

For enterprise buyers and sellers whose own vendor due-diligence processes require it, this attestation also removes friction. It's a recognized signal that meets a bar their security teams already understand.

How We Got Here

Achieving SOC 2 Type II is a sustained effort, not a single project. It meant formalizing controls, documenting how our environments are actually operated and protected, and demonstrating that those controls hold up under independent scrutiny over time.

The security audit and attestation were performed by Prescient Security, a leader in security and compliance attestation for B2B and SaaS companies worldwide. We managed our controls and evidence throughout the process with Vanta. Our thanks to both teams for guiding us through the audit and certification.

What's Next

This attestation reflects where we are today, and it sets the standard for where we're going. Security and reliability aren't a one-time milestone for a marketplace — they're an ongoing commitment that we'll continue to invest in as TCEX grows. We'll maintain our SOC 2 posture going forward and keep raising the bar on the trust and operational excellence our customers depend on.

If you'd like to learn more about our security practices or request our SOC 2 Type II report, 

please visit trust.compute.exchange.