Compliance Assessment Tool · Trust & Legal

Trust & Security

Last updated: 2026-05-15 · Classification: Public
CAT Trust Center

Security & compliance you can verify.

Compliance Assessment Tool, LLC helps acquiring banks and ISOs onboard their merchants through PCI DSS v4.1 self-assessment in minutes instead of weeks. Below is everything you need to start a vendor-risk review.

Company at a glance

Legal entity
Compliance Assessment Tool, LLC
Registered in
Delaware, USA
Headquarters
1111B S Governors Ave, #39128, Dover, DE 19904
Data residency
AWS us-east-1 (N. Virginia)

Current compliance posture

FrameworkStatusEvidence
PCI DSS v4.1 — SAQ A Attested Signed Attestation of Compliance on file. View AoC (PDF). We do not store, process, or transmit cardholder data on our infrastructure.
GDPR + UK GDPR DPA available SCCs + UK Addendum incorporated into our standard DPA.
CCPA / CPRA Compliant We act as a service provider. See Privacy Policy.
OpenAI Data Processing Addendum In force Executed February 3, 2026 (org-JZrfeV5ZWRQ4S6T7MfWaO4pC). API data not used for model training; retained by OpenAI ≤30 days, then deleted. See summary.

Security controls (summary)

Document library

DocumentAudienceUpdated
Security OverviewPublic2026-05-15
Privacy PolicyPublic2026-05-15
Terms of ServicePublic2026-05-15
Acceptable Use PolicyPublic2026-05-15
Service Level AgreementPublic2026-05-15
Sub-processor ListPublic2026-05-15
Reference ArchitecturePublic2026-05-15
Master Services AgreementUnder NDA2026-05-15
Data Processing AddendumUnder NDA2026-05-15
Order Form templateUnder NDA2026-05-15
Information Security PolicyUnder NDA2026-05-15
Incident Response PlanUnder NDA2026-05-15
Business Continuity / Disaster RecoveryUnder NDA2026-05-15
Vendor Questionnaire (SIG/CAIQ) AnswersUnder NDA2026-05-15

Request access to confidential documents

For our full Information Security Policy, IR / BCP plans, or completed SIG/CAIQ responses, contact chris.larson@complianceassessmenttool.com. We share under a one-page mutual NDA.

Responsible disclosure

Found a vulnerability? Email chris.larson@complianceassessmenttool.com with reproduction steps. We respond within one business day, do not pursue good-faith researchers, and credit reporters in our public security acknowledgements (with permission).