ChargeHub Achieves SOC 2 Type II Certification: What It Means for Our Partners

SOC 2 is an auditing framework developed for technology and data service companies. It evaluates whether an organization's controls around security, availability, and confidentiality actually work, not just whether they exist on paper.

The distinction between Type I and Type II matters. A Type I audit is a point-in-time assessment: it confirms that controls are designed correctly as of a specific date. Type II goes further. It examines whether those controls operated effectively over an extended period and is validated by an independent third-party auditor. That sustained, verified track record is what enterprise procurement and IT teams look for when evaluating a vendor.

For ChargeHub's partners, the certification isn't a self-assessment or a checklist. It's an external, time-tested validation of how we handle your data.

"SOC 2 Type II gave us a formal framework to validate what we were already doing. The audit process pushed us to document, test, and prove our controls over time, not just describe them."
— Olivier Proulx, CTO, ChargeHub

Public EV charging isn't a closed system. Every charging session connects multiple parties: the driver, the hardware, the charging network, the mobility operator, the payment processor. Data moves across all of them. In a roaming transaction alone, session credentials, authorization tokens, and billing records pass through several hands before a charge is confirmed.

ChargeHub sits at the center of that exchange. Passport Hub connects 27 roaming partners across the US and Canada, the most of any roaming solution in North America, and gives access to over 160,000 charging ports. We also operate one of the continent's leading public charging apps. That scale means the data flows we handle aren't incidental. They're critical infrastructure for the networks and operators that depend on them, making rigorous data governance a core operational requirement, not a compliance exercise.

"When you're the connective tissue between networks and operators, the security of your platform is everyone's problem. We took that responsibility seriously before SOC 2, and the certification formalizes that commitment."
— Olivier Proulx, CTO, ChargeHub

The EV charging industry is scaling fast. More networks, more operators, more drivers, more data. Maintaining trust at that scale requires controls that are independently verified rather than self-reported. That's exactly what SOC 2 Type II delivers.

ChargeHub's SOC 2 Type II audit covers every system we operate, with no carve-outs by product or data type. That includes the public-facing app used by EV drivers across North America, the business solutions and API integrations used by our charge point operator (CPO) and eMobility service provider (eMSP) partners, the roaming and payment data flowing through Passport Hub, and our internal operational infrastructure, including employee access and data handling.

That breadth is deliberate. A certification scoped to a single product line or a subset of data flows creates blind spots that partners must still assess independently. By submitting our full operations to the audit, we give partners a single, comprehensive point of reference for their due diligence.

The practical impact of SOC 2 Type II certification depends on who you are and how you work with ChargeHub.

CPOs and eMSPs integrating with ChargeHub's platform

• Simplifies vendor due diligence for enterprise procurement and IT approval processes

• Provides documented, third-party evidence of security controls, no custom assessment required

• Audit report available on request under NDA

Mobility operators relying on Passport Hub for roaming

• The infrastructure handling your session data and payment flows has been independently validated

• Reduces the burden of ongoing partner security reviews

Prospects and new partners evaluating ChargeHub as an enterprise vendor

• SOC 2 Type II signals operational maturity and a sustained investment in security

• Formal documentation available to support your internal approval process

Earning SOC 2 Type II certification doesn't close the file on security. The certification requires an independent audit every year. Controls are reviewed continuously. Any changes to our systems or processes are evaluated against the same standards that earned us the certification in the first place.

That annual cycle matters for partners. It means the report you receive today reflects current practices, not a one-time effort from a previous year. And it means ChargeHub's security posture evolves alongside the platform, not behind it.

"The annual audit cycle is what gives our certification its weight. Every year, we have to demonstrate that our controls still hold. That's not a burden: it's the point."
— Olivier Proulx, CTO, ChargeHub