Skip to main content
SOC 2 compliance practices

SOC 2 Compliance File Apps

PDF and file apps designed for organizations that maintain SOC 2 compliance programs. For the apps listed below: browser-first processing, no server-side file handling.

Browser-First AppsLocal WASM ProcessingLow Vendor Risk

How MiOffice Reflects SOC 2 Trust Services Criteria

SOC 2 (System and Organization Controls 2) evaluates service organizations against five Trust Services Criteria. The PDF and file apps listed on this page use a browser-first architecture that reflects the practices the SOC 2 framework is designed to assess — for these specific apps, there is no server-side data handling to audit.

Security (CC)

All processing in browser sandbox. No server endpoints receive file data. SSL/TLS + HSTS preload on all connections. Memory isolation per session.

Availability (A)

Apps work offline after first load. No server dependency for file processing. No rate limits, no quotas, no downtime impact on file operations.

Confidentiality (C)

Private & secure client-side processing. No data at rest on any server. No access logs containing file contents. No third-party subprocessors for file handling.

Processing Integrity (PI)

Deterministic browser-based processing. Same input always produces same output. No server-side transformations that could alter data.

Privacy (P)

No PII collected. No user accounts. No tracking of file contents. Analytics limited to anonymous page views via self-hosted Umami.

Why SOC 2 Teams Choose MiOffice

Lighter Vendor Risk Assessment

For the apps listed below, files don't reach our servers — so these workflows add minimal weight to your vendor risk register. Fewer questionnaires, smaller review surface.

Browser-First DPA Profile

For these listed apps, your browser does the processing. Reduces the data sub-processor surface for these specific workflows.

Audit-Friendly Architecture

Explain to auditors in one sentence: "For these PDF and file apps, files are processed client-side in the browser." Verifiable via Network tab.

Lower Incident Surface

Browser-first file processing for these apps reduces file-related incident surface area. Helps simplify your SOC 2 continuous monitoring scope.

Applications

Keep your SOC 2 posture intact

Process files without adding vendor risk. No signup. Private & secure.