Skip to main content
Files never leave your browser|GDPR|508 Accessible

Certifications & Compliance

MiOffice's compliance posture across accessibility, privacy, industry regulations, and security verification standards.

Understanding Our Status Labels

Supports / Compliant by Design / Safe by Design — Architecture inherently satisfies requirements
Published — Formal documentation publicly available
Aligned — Architecture aligns with controls; formal certification not obtained
Ready — Architecture supports requirements; formal authorization pending

Accessibility

WCAG 2.1 Level AA

Supports

Web Content Accessibility Guidelines 2.1 Level AA conformance. Keyboard navigation, screen reader support, high contrast.

Section 508

Supports

Section 508 of the Rehabilitation Act. Federal accessibility requirements for electronic and information technology.

ADA Title II & III

Supports

Americans with Disabilities Act compliance. Accessible to people with disabilities including visual, motor, and cognitive.

EN 301 549

Supports

European standard for ICT accessibility. Harmonized with WCAG 2.1 AA for EU public sector procurement.

European Accessibility Act (EAA)

Supports

EU directive requiring digital products to be accessible. Effective June 2025.

VPAT 2.5

Published

Voluntary Product Accessibility Template documenting conformance with WCAG, Section 508, and EN 301 549.

Privacy & Data Protection

GDPR

Compliant by Design

EU General Data Protection Regulation. No personal data processed server-side. Articles 5, 6, 17, 25, 32, 44 satisfied.

UK GDPR

Compliant by Design

UK implementation of GDPR post-Brexit. Same zero-upload architecture satisfies UK data protection requirements.

CCPA / CPRA

Compliant by Design

California Consumer Privacy Act and California Privacy Rights Act. No personal information collected or sold.

LGPD (Brazil)

Compliant by Design

Lei Geral de Proteção de Dados. Brazilian data protection law. No data processing occurs outside user device.

DPDPA (India)

Compliant by Design

Digital Personal Data Protection Act. Indian data protection law. No personal data transferred to any server.

PIPEDA (Canada)

Compliant by Design

Personal Information Protection and Electronic Documents Act. No personal information collected or disclosed.

Industry Compliance

HIPAA

Safe by Design

Health Insurance Portability and Accountability Act. No PHI exposure — files never leave the browser. No BAA required.

FERPA

Safe by Design

Family Educational Rights and Privacy Act. Student records processed locally. No student data exposure.

SOC 2

Aligned

Service Organization Control 2 Trust Services Criteria alignment. Zero data at rest, no vendor risk surface.

ISO 27001:2022

Aligned

International information security standard. Annex A controls alignment through zero-upload architecture.

FedRAMP

Ready

Federal Risk and Authorization Management Program. Zero cloud dependency simplifies ATO packages.

Security Verification

SSL Labs

A+

Qualys SSL Labs server test. TLS 1.2/1.3, strong cipher suites, HSTS preload, certificate chain verified.

Security Headers

A

SecurityHeaders.com scan. HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy headers verified.

Mozilla Observatory

B+

Mozilla HTTP Observatory. Security headers, cookies, content security analysis. (CSP omitted — required for ZetaOffice WASM).

Google Safe Browsing

Clean

Google Safe Browsing status verified clean. No malware, phishing, or unwanted software detected.

HSTS Preload

Submitted

HSTS Preload list submission. Browsers will enforce HTTPS before first connection.

Questions about compliance?

Contact our team for compliance documentation, VPAT requests, or security questionnaires.

Contact UsView VPATCompliance Hub
SecurityTrust CenterPrivacy PolicyAccessibilityBug Bounty