Certifications & Compliance
MiOffice's compliance posture across accessibility, privacy, industry regulations, and security verification standards.
Understanding Our Status Labels
Accessibility
WCAG 2.1 Level AA
SupportsWeb Content Accessibility Guidelines 2.1 Level AA conformance. Keyboard navigation, screen reader support, high contrast.
Section 508
SupportsSection 508 of the Rehabilitation Act. Federal accessibility requirements for electronic and information technology.
ADA Title II & III
SupportsAmericans with Disabilities Act compliance. Accessible to people with disabilities including visual, motor, and cognitive.
EN 301 549
SupportsEuropean standard for ICT accessibility. Harmonized with WCAG 2.1 AA for EU public sector procurement.
European Accessibility Act (EAA)
SupportsEU directive requiring digital products to be accessible. Effective June 2025.
VPAT 2.5
PublishedVoluntary Product Accessibility Template documenting conformance with WCAG, Section 508, and EN 301 549.
Privacy & Data Protection
GDPR
Compliant by DesignEU General Data Protection Regulation. No personal data processed server-side. Articles 5, 6, 17, 25, 32, 44 satisfied.
UK GDPR
Compliant by DesignUK implementation of GDPR post-Brexit. Same zero-upload architecture satisfies UK data protection requirements.
CCPA / CPRA
Compliant by DesignCalifornia Consumer Privacy Act and California Privacy Rights Act. No personal information collected or sold.
LGPD (Brazil)
Compliant by DesignLei Geral de Proteção de Dados. Brazilian data protection law. No data processing occurs outside user device.
DPDPA (India)
Compliant by DesignDigital Personal Data Protection Act. Indian data protection law. No personal data transferred to any server.
PIPEDA (Canada)
Compliant by DesignPersonal Information Protection and Electronic Documents Act. No personal information collected or disclosed.
Industry Compliance
HIPAA
Safe by DesignHealth Insurance Portability and Accountability Act. No PHI exposure — files never leave the browser. No BAA required.
FERPA
Safe by DesignFamily Educational Rights and Privacy Act. Student records processed locally. No student data exposure.
SOC 2
AlignedService Organization Control 2 Trust Services Criteria alignment. Zero data at rest, no vendor risk surface.
ISO 27001:2022
AlignedInternational information security standard. Annex A controls alignment through zero-upload architecture.
FedRAMP
ReadyFederal Risk and Authorization Management Program. Zero cloud dependency simplifies ATO packages.
Security Verification
SSL Labs
A+Qualys SSL Labs server test. TLS 1.2/1.3, strong cipher suites, HSTS preload, certificate chain verified.
Security Headers
ASecurityHeaders.com scan. HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy headers verified.
Mozilla Observatory
B+Mozilla HTTP Observatory. Security headers, cookies, content security analysis. (CSP omitted — required for ZetaOffice WASM).
Google Safe Browsing
CleanGoogle Safe Browsing status verified clean. No malware, phishing, or unwanted software detected.
HSTS Preload
SubmittedHSTS Preload list submission. Browsers will enforce HTTPS before first connection.
Questions about compliance?
Contact our team for compliance documentation, VPAT requests, or security questionnaires.