Why SOC 2 Compliance Does Not Apply to Chilkat Software

SOC 2 compliance is specifically designed for service providers that store, process, or transmit customer data on behalf of their clients—typically in a hosted, managed, or cloud-based environment.

What Chilkat Does:
  • Chilkat provides software libraries (DLLs, ActiveX components, etc.) for use within a customer’s own application.
  • These libraries offer encryption, decryption, compression, networking, and API functions, but:
    • Chilkat does not run these functions itself.
    • Chilkat does not host any data or infrastructure.
    • Chilkat has no access to end-user or customer data.

What Chilkat Does Not Do:
  • Chilkat does not operate a SaaS platform.
  • Chilkat does not host or manage client data.
  • Chilkat does not perform or monitor any services on behalf of its customers.

Key Point:

SOC 2 compliance is not applicable to Chilkat Software because Chilkat is a software vendor, not a service provider.

Just as you wouldn’t expect Microsoft to get SOC 2 certification for every Windows DLL, Chilkat doesn’t require SOC 2 because its libraries are simply tools—they don’t constitute a hosted service.


A Helpful Analogy:

Using Chilkat in an application is like using a cryptographic library (e.g., OpenSSL) or a file compression utility. The security and compliance responsibility lies with the application developer or service provider who integrates and operates it—not with the library vendor.