Compliance & Certifications
MiOffice meets accessibility, privacy, and security standards across multiple frameworks. All documentation is publicly available.
Compliance Frameworks
Section 508
CompliantUS federal accessibility standard under the Rehabilitation Act. Required for government agencies and their vendors.
View VPAT →WCAG 2.1 Level AA
SupportsWeb Content Accessibility Guidelines by W3C. The international standard for web accessibility. All 50 success criteria addressed.
View Conformance →GDPR (EU)
Compliant by DesignGeneral Data Protection Regulation. MiOffice achieves compliance through architecture — no file data is collected, processed, or stored server-side.
Privacy Policy →UK GDPR
Compliant by DesignUK implementation of GDPR post-Brexit. Same privacy-by-architecture approach ensures compliance without data processing.
Privacy Policy →CCPA (California)
CompliantCalifornia Consumer Privacy Act. No personal information from file processing is sold, shared, or collected.
CCPA Details →European Accessibility Act
SupportsEU Directive 2019/882 requiring digital products and services to be accessible. Effective June 2025.
View Statement →EN 301 549
SupportsEuropean standard for ICT accessibility. Harmonized with WCAG 2.1 AA for web content.
View Conformance →SSL/TLS (HSTS)
ActiveAll connections encrypted with TLS 1.3. HSTS preload enabled. Strict-Transport-Security header enforced.
Security Details →EU-U.S. Data Privacy Framework
PendingSelf-certification in progress for EU-U.S. Data Privacy Framework. MiOffice does not transfer file data between jurisdictions.
Trust Center →LGPD (Brazil)
Compliant by DesignLei Geral de Protecao de Dados. Client-side architecture means no personal data collection or cross-border transfer of file data.
Trust Center →DPDPA (India)
Compliant by DesignDigital Personal Data Protection Act 2023. No personal data fiduciary obligations — all file processing stays on the user's device.
Trust Center →Why MiOffice Is Inherently Compliant
Privacy by Architecture
Files never leave the browser. Processing uses WebAssembly running locally. No server-side file handling infrastructure exists.
Accessibility by Design
Semantic HTML, ARIA labels, keyboard navigation, skip links, and WCAG AA contrast ratios built into every component.
Security by Default
SSL/TLS on all connections, HSTS preload, security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy).
Data Flow
| Data Type | Collected? | Stored? | Shared? |
|---|---|---|---|
| Your files | No | No | No |
| File contents | No | No | No |
| File metadata | No | No | No |
| Personal info | No | No | No |
| Page views (analytics) | Yes (anon) | Aggregated | No |
Compliance Resources
Certifications & Compliance
Master overview of all compliance postures and status labels
508 Compliant PDF Suite
Section 508 accessible PDF suite with VPAT
ADA Compliant PDF Suite
ADA Title II & III accessible document tools
HIPAA-Safe PDF Tools
Zero PHI exposure — files never leave the browser
FERPA-Safe PDF Tools
Student records processed locally — no data exposure
GDPR Compliant File Converter
GDPR safe file conversion — no data collection
CCPA Compliant File Converter
California privacy — no data collected or sold
SOC 2 Aligned File Tools
Zero data at rest — no vendor risk surface
ISO 27001 Aligned Security
Annex A control alignment through zero-upload architecture
FedRAMP-Ready PDF Tools
Zero cloud dependency — simplifies ATO packages
Government Ready PDF Suite
Suite built for federal, state, and local agencies
Privacy First Document Converter
Most private file converter — zero knowledge architecture
Security
SSL, encryption, and security practices
Bug Bounty & Disclosure
Responsible vulnerability disclosure program
Penetration Testing
Security architecture and attack surface analysis
Privacy Policy
Full privacy policy with GDPR and CCPA sections
Terms of Service
Terms, data handling, and liability
Accessibility Statement
VPAT and WCAG conformance report
Trust Center
International privacy frameworks and data residency
VPAT 2.5
Full ITIC VPAT — WCAG 2.1, Section 508, EN 301 549
Need Compliance Documentation?
For VPAT requests, DPA inquiries, or compliance questions, contact us.