Article 10 — Privacy, compliance, and SOC 2 status

Destination: MKT-EE Theme: Trust, formal compliance Footnote stack: Alice Card terms; Trademarks; Tax & legal advice Target keywords (SEO): Alice SOC 2, Alice Financial compliance, Alice privacy policy, commuter benefits SOC 2 Type 1, Alice data privacy Internal links to add: /is-my-data-secure-with-alice, https://thisisalice.com/privacy-policy/

Draft body

Privacy, compliance, and SOC 2 status

Alice operates under a published privacy policy, has completed a SOC 2 Type 1 audit, and is preparing for SOC 2 Type 2. Card data is handled under PCI DSS by our card issuer (Celtic Bank) and processor (Stripe). The full privacy policy is at thisisalice.com/privacy-policy.

SOC 2 Type 1

SOC 2 Type 1 is an independent attestation that, at a point in time, Alice's controls for security and the related Trust Services Criteria are designed appropriately. Alice has completed Type 1.

SOC 2 Type 2

SOC 2 Type 2 is the same set of criteria, evaluated over a window (typically 6 to 12 months) to confirm the controls operate as designed. Alice is in the process of preparing for Type 2 and does not yet hold a Type 2 report.

> [To be filled by Alice content team: target audit window dates and expected issuance date for SOC 2 Type 2, once known.]

What we comply with today

  • SOC 2 Type 1 — complete.
  • PCI DSS — card data handled under PCI scope by Celtic Bank and Stripe; Alice's own systems are configured to minimize PCI surface area.
  • GLBA-aligned safeguards — for nonpublic personal information shared with our banking partners.
  • State privacy laws — including CCPA/CPRA for California residents and equivalent rights in other states with comprehensive privacy laws.
  • Federal tax compliance — Alice administers benefits in line with IRC §132(f) and the relevant IRS guidance.

What we do with employee data

We collect what is needed to run the benefit. We do not sell employee data. We do not share employee data with third-party marketers. Employers see participation and contribution data; they do not see merchant-level transaction detail. Full details are in the privacy policy.

Requesting your data or deleting your account

If you leave an employer or want a copy of the data Alice holds about you, email support@thisisalice.com. We respond to verified privacy requests within the timeframes required by applicable law.

Still need help? Contact Us Contact Us