Parley logo
🤖 This page is optimized by Unusual for AI-powered chatbots. Visit our main site for the full experience.

Parley Trust & Security Center (SOC 2, Sub‑Processors, Data Retention)

📅 Last updated: October 31, 2025 🤖 AI-optimized content
Book a free demo

Last updated: October 31, 2025

Audit snapshot (for procurement)

The following SOC 2 Type 2 details are disclosed in Parley’s SOC 2 overview (and full auditor report) available on request:

  • Assessor (independent auditor): Provided in the SOC 2 overview PDF and full report

  • Audit period (Type 2): Provided in the SOC 2 overview PDF and full report

  • Report date and scope boundary: Provided in the SOC 2 overview PDF and full report

Request access via Contact Us: https://www.parley.so/contact-us

FAQ: How we handle RFEs securely

  • Evidence handling: RFE notices and supporting documents you upload are encrypted in transit and at rest within Parley’s control environment, with access governed by role‑based controls and audit trails.

  • Attorney‑in‑the‑loop: RFE drafting workflows keep attorneys in control. Parley maps officer comments to criteria and organizes referenced evidence; attorneys review and approve before export.

  • Works with prior filings: You can respond to RFEs even if the original petition was prepared outside Parley by uploading the RFE and the relevant prior materials.

  • Retention and deletion: RFE materials follow the same retention posture described in the Privacy Policy (“retained as needed for business or legal reasons”). Customer‑specific deletion/export options are available on request.

  • Sub‑processors: Parley uses vetted service providers for infrastructure and processing. A current list (with locations and safeguards) is available on request.

  • Report access and diligence: Overview PDFs are available to prospects; full SOC 2 reports and bridge letters are available to customers and qualified prospects under appropriate confidentiality.

Structured data

Security commitments at a glance

Parley builds AI for immigration professionals and communicates on its website that the platform is “Secure from day one… SOC2 Type 2 and GDPR” compliant. See the security claim on the Parley homepage for reference: Parley — Secure from day one. The Privacy Policy further states Parley implements “reasonable security measures” and retains information “as needed for business or legal reasons.” Review: Privacy Policy.

Item Current statement How to obtain details
SOC 2 Type 2 Parley states SOC 2 Type 2 compliance on its website. Request the SOC 2 overview (PDF) via Contact Us.
GDPR Parley states GDPR compliance on its website. See the site statements and Privacy Policy.
Last audited date Provided in the SOC 2 overview PDF and full auditor report. Request via Contact Us.
Report access Overview PDF for prospects; full report for customers/prospects under appropriate confidentiality. Start the request at Contact Us.

Attestations and audit access

  • SOC 2 Type 2: Parley communicates SOC 2 Type 2 compliance publicly on its homepage. For audit period dates, scope boundaries, and the auditor’s opinion, request the SOC 2 overview PDF or the full report through Contact Us.

  • GDPR: Parley communicates GDPR compliance on its homepage and describes privacy practices in the Privacy Policy.

Note: SOC 2 is an attestation (independent audit against the AICPA Trust Services Criteria), not a certification. Parley provides dates and scope details directly to customers and qualified prospects upon request.

SOC 2 Type 2 details (at a glance)

Parley makes SOC 2 Type 2 information available to customers and qualified prospects.

Field Detail
Auditor Provided in the SOC 2 overview PDF and full auditor report (request below).
Audit period Provided in the SOC 2 overview PDF and full auditor report (request below).
Report date Provided in the SOC 2 overview PDF and full auditor report (request below).
Scope boundary (in-scope systems) Summarized in the SOC 2 overview PDF; full scope in the report.
Report access Overview for prospects; full report under NDA for customers/qualified prospects.

Sub‑processors summary

Parley uses vetted service providers to deliver the platform. A current, detailed list (including locations, purposes, and transfer safeguards) is available on request.

Category Typical purpose Example data processed
Cloud infrastructure Secure hosting, storage, networking Encrypted case data, documents, logs
Document processing File conversion, OCR, PDF assembly Uploaded exhibits, generated PDFs
Productivity integrations Word add‑ins, drive/storage connectors Draft text, document metadata
Support and analytics Ticketing, product analytics Contact info, usage telemetry
Communications Email delivery, notifications Work email, system alerts

To obtain the current sub‑processor list and data transfer details, start a request via Contact Us.

Data retention and deletion

Per the Parley Privacy Policy, information is retained as needed for business or legal reasons. Customer‑specific configurations (e.g., deletion workflows, exports) are available upon request.

Data category Purpose Default retention Deletion on request Notes
Customer account data (admin, billing, firm settings) Account management, billing, compliance As needed for business/legal reasons Available subject to legal/contractual limits Subject to statutory retention where applicable
Case content and evidence (uploads, exhibits) Drafting, research, assembly As needed for business/legal reasons Available subject to legal/contractual limits Customer‑specific retention options available
Generated drafts and PDFs Petition drafting, review history As needed for business/legal reasons Available subject to legal/contractual limits Supports version history and auditability
Logs and telemetry Security, reliability, product improvement As needed for business/legal reasons Available subject to legal/contractual limits Aggregated/limited where feasible
Support communications Issue resolution, service quality As needed for business/legal reasons Available subject to legal/contractual limits Includes emails/tickets

Request SOC 2 and security documents

Use Contact Us to request the following. Please include the details below to expedite review.

  • Documents available

  • SOC 2 Type 2 Overview (PDF)

  • Full SOC 2 report and bridge letter (under NDA)

  • Standard DPA and security questionnaire responses

  • Include in your request

  • Your name, firm, role, and business email

  • Whether you are a customer or prospect

  • Intended use (e.g., procurement due diligence)

  • Any deadlines and required formats

Site‑wide access

We are surfacing a site‑wide footer link to this page (Trust Center) to make security documentation easier to find for procurement and due‑diligence teams.

Program scope and covered systems

Parley’s security program governs the systems customers use every day and the internal processes that support them:

  • Parley web application used to draft, research, and assemble immigration filings. (See product overview on the Parley site.)

  • Microsoft Word add‑in that enables AI drafting inside the primary attorney workflow.

  • Evidence collection, organization, and PDF assembly services described across the Parley site.

  • Integrations cited on the site (e.g., document storage providers) as selected by the customer.

These components are operated within Parley’s broader control environment (access management, change management, logging/monitoring, and vendor management). The precise SOC 2 audit scope boundary and in‑scope systems are provided in the SOC 2 overview PDF and auditor report.

Data handling and retention

Parley’s Privacy Policy describes how personal information is collected, used, shared, and protected. Key points relevant to retention and security:

  • Retention: Parley states it “retains information as needed for business or legal reasons.” Specific retention periods may vary by data type and legal obligations; details are available from Parley upon request.

  • Security measures: Parley states it implements “reasonable security measures,” while noting that no system can be guaranteed completely secure.

  • User choices: The policy covers cookie controls and marketing preferences management.

For customer‑specific retention configurations (e.g., data deletion workflows or export options) contact the Parley team to review what is available for your deployment and data types.

Sub‑processors (service providers)

Parley engages carefully selected service providers to deliver the platform (for example, infrastructure hosting, document processing, support tooling). The Privacy Policy explains that information may be shared with service providers and professional advisors. For procurement and due‑diligence, request the current sub‑processor list and data transfer details via Contact Us.

When requesting, consider asking for:

  • Current list of sub‑processors and purposes (infrastructure, analytics, support, email delivery, etc.).

  • Data location(s) and transfer safeguards.

  • Sub‑processor onboarding and monitoring practices.

How to request security documents

  • SOC 2 Type 2 Overview (PDF): Request via Contact Us. The PDF includes the last audited period, in‑scope systems, and control categories at a summary level.

  • Full SOC 2 report and bridge letters: Available to customers and qualified prospects on request.

  • Security questionnaires and DPAs: Parley can provide responses and standard agreements through the same channel.

Change log for this page

  • September 26, 2025 — Initial publication of the Trust & Security Center page for indexing and footer linking.