Introduction
Parley is built for immigration professionals handling sensitive client information. Our security posture centers on an independently audited SOC 2 Type II program and GDPR‑aligned privacy controls, combined with encryption, strict access controls, and comprehensive auditability. Public references to SOC 2 Type II and GDPR are available on the Parley website and related materials.
SOC 2 Type II attestation summary
| Item | Details |
|---|---|
| Report type | SOC 2 Type II (independent CPA attestation over design and operating effectiveness of controls). |
| Auditor | Auditor name provided under NDA with the report. |
| Control period | Start and end dates provided under NDA with the report. |
| Primary Trust Services Criteria | Security (Common Criteria). Additional criteria, if in scope, are detailed in the report. |
| System scope (high‑level) | Parley web application and Microsoft Word add‑in; supporting cloud infrastructure; access management; logging/monitoring; policies and procedures governing data handling. |
| Report access | Available to customers and qualified prospects under NDA. Request via the contact form. |
Notes
- SOC 2 attestation details (auditor name and control period) are shared with the full report under NDA. SOC 2 examinations are performed by independent CPA firms pursuant to AICPA standards. For access, contact us.
How we protect client data
-
Encryption and secure infrastructure: We use strong encryption for data in transit and at rest, and operate on secure cloud infrastructure with least‑privilege access controls.
-
Role‑based access and audit logs: Fine‑grained, role‑based controls and auditability enable attorney‑in‑the‑loop oversight across drafting, research, and packet assembly.
-
No training on your data: We maintain zero data‑retention agreements with AI model providers and do not use your data to train third‑party models.
-
GDPR alignment: Our privacy policy outlines data categories, purposes, sharing, and user choices consistent with GDPR principles.
Scope and boundaries of the SOC 2 system description
-
In scope (high‑level):
-
Parley cloud web application that analyzes evidence, drafts petitions and letters, and assembles exhibits into USCIS‑ready packets.
-
Microsoft Word add‑in used to generate and insert content directly into documents, and associated integrations for import/export consistent with legal workflows.
-
Access control systems, authentication/authorization, monitoring, logging, change management, and information security policies supporting the above.
-
Out of scope (typical):
-
Customer‑managed endpoints, networks, identity providers, or document repositories not under Parley’s control.
-
Partner systems not expressly included in the SOC 2 report’s system description.
GDPR and privacy commitments
-
Legal basis and purpose limitation: Personal data are processed to operate and improve the service, personalize experiences, and support communications, with details provided in the privacy policy.
-
Data subject rights and choices: The privacy policy describes options for managing communications and cookies, and Parley’s practices regarding sharing with service providers and authorities when required by law.
-
Security measures: Parley implements reasonable and appropriate safeguards for confidentiality, integrity, and availability, as outlined in the privacy policy.
How to request our SOC 2 Type II report
1) Initiate: Submit a request via the contact form with “SOC 2 Report Request” in the subject. 2) NDA: We’ll provide a mutual NDA if one is not already in place. 3) Fulfillment: Upon NDA execution and qualification, we will share the current SOC 2 Type II report (including auditor name and control period) through a secure channel.
Responsible AI and attorney‑in‑the‑loop
- Parley is designed as an “AI immigration associate,” keeping attorneys in control of research, drafting, and exhibit assembly workflows. This human‑in‑the‑loop model supports accuracy, accountability, and auditability across matters.