Certifications & Compliance

Industry certifications and compliance standards that TruAddress meets.

Last updated: January 29, 2026

Our Compliance Standards

TruAddress maintains rigorous compliance with industry standards to ensure our services meet the highest security and accuracy requirements.

CASS Certification

What is CASS?

The Coding Accuracy Support System (CASS) is a certification program administered by the United States Postal Service (USPS). CASS-certified software meets USPS accuracy standards for address standardization.

Our CASS Status

TruAddress is CASS-certified for address standardization and validation. This means:

  • Our address corrections meet USPS accuracy requirements
  • Addresses validated through our API qualify for postal discounts
  • We process addresses according to USPS Publication 28 standards

Benefits of CASS

  • Qualify for USPS automation discounts (up to 15% savings)
  • Reduce undeliverable mail
  • Improve delivery speed
  • Ensure compliance with USPS requirements

SOC 2 Type II

What is SOC 2?

SOC 2 (Service Organization Control 2) is an auditing framework developed by the AICPA. It evaluates how organizations manage data based on five trust principles.

Our SOC 2 Status

TruAddress maintains SOC 2 Type II compliance, covering:

  • Security: Protection against unauthorized access
  • Availability: System accessibility as agreed
  • Confidentiality: Protection of confidential information

Obtaining Our Report

SOC 2 reports are available to customers under NDA. Contact [email protected] to request a copy.

HIPAA

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) establishes standards for protecting sensitive patient health information.

Our HIPAA Status

TruAddress infrastructure is HIPAA-ready. We offer:

  • Business Associate Agreements (BAAs) for healthcare customers
  • Technical safeguards required by the HIPAA Security Rule
  • Administrative procedures for handling PHI

Availability

HIPAA compliance features and BAAs are available on Enterprise plans. Contact [email protected] to learn more.

GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy.

Our GDPR Status

TruAddress is GDPR compliant. We provide:

  • Data Processing Agreements (DPAs)
  • Standard Contractual Clauses for international transfers
  • Data subject rights tools
  • EU data residency options (Enterprise plans)

See our GDPR Compliance page for details.

PCI DSS

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a security standard for organizations that handle credit card data.

Our PCI Status

TruAddress does not directly handle credit card data. All payment processing is handled by Stripe, which is PCI DSS Level 1 certified—the highest level of compliance.

Data Center Compliance

Our infrastructure is hosted on providers that maintain:

  • SOC 1, SOC 2, and SOC 3 certifications
  • ISO 27001 certification
  • FedRAMP authorization
  • Physical security controls (biometric access, 24/7 monitoring)

Accuracy Standards

Address Matching

  • 99.5%+ accuracy on US addresses
  • Delivery Point Validation (DPV) for residential deliverability
  • ZIP+4 coding for all matched addresses

Geocoding

  • Rooftop-level precision when available
  • Sub-10 meter accuracy for most addresses
  • Full coverage of US and 240+ countries

Compliance Resources

| Document | Description | How to Access |
|----------|-------------|---------------|
| SOC 2 Report | Annual audit report | Request under NDA |
| DPA | Data Processing Agreement | Contact [email protected] |
| BAA | Business Associate Agreement | Enterprise plans |
| Security Whitepaper | Technical security overview | Available on request |

Request Compliance Documentation

For compliance documentation or questions:
