The Provider Trust Registry contains compliance information for all AI providers available through Case.dev. Use this data to configure governance policies that meet your regulatory requirements.Documentation Index
Fetch the complete documentation index at: https://docs.case.dev/llms.txt
Use this file to discover all available pages before exploring further.
Verification Required: We aggregate compliance information from provider documentation, but you should verify certifications directly with providers for your specific regulatory requirements.
Provider Compliance Matrix
Most Trusted Providers
Full enterprise compliance with SOC 2 Type II, HIPAA, BAA, and Zero Data Retention.| Provider | SOC 2 | HIPAA | BAA | ZDR | HQ | Data Residency |
|---|---|---|---|---|---|---|
| Anthropic | Yes | Yes | Yes | Yes | US | US, EU |
| OpenAI | Yes | Yes | Yes | Yes | US | US, EU |
| Azure OpenAI | Yes | Yes | Yes | Yes | US | US, EU, UK |
| Google (Vertex AI) | Yes | Yes | Yes | Yes | US | US, EU |
| AWS Bedrock | Yes | Yes | Yes | Yes | US | US, EU |
Trusted Providers
Good compliance posture, may lack some certifications.| Provider | SOC 2 | HIPAA | BAA | ZDR | HQ | Data Residency |
|---|---|---|---|---|---|---|
| Groq | Yes | Yes | Yes | Yes | US | US |
| DeepInfra | Yes | Yes | - | Yes | US | US, EU |
| Fireworks | Yes | Yes | - | Yes | US | US |
| Together AI | Yes | Yes | - | Yes | US | US |
| Mistral | Yes | - | - | Yes | FR | EU |
| Cohere | Yes | Yes | Yes | Yes | CA | US, EU |
Untrustworthy Providers
China-based or subject to national security laws. Always blocked by default.| Provider | SOC 2 | HIPAA | BAA | ZDR | HQ | Risk |
|---|---|---|---|---|---|---|
| DeepSeek | - | - | - | - | CN | National security laws |
| Baidu | - | - | - | - | CN | National security laws |
| Alibaba Cloud | - | - | - | - | CN | National security laws |
| ByteDance | - | - | - | - | CN | National security laws |
Query Provider Registry
Get provider compliance data programmatically.Response
Filter by Compliance
Filter by Trust Tier
Provider Registry Schema
TypeScript Types
Certification Details
SOC 2 Type II
SOC 2 Type II certification demonstrates that a provider has implemented controls for:- Security: Protection against unauthorized access
- Availability: System availability for operation and use
- Processing Integrity: System processing is complete, valid, accurate, timely
- Confidentiality: Information designated as confidential is protected
- Privacy: Personal information is collected, used, retained, and disclosed appropriately
HIPAA Compliance
HIPAA compliance indicates the provider can handle Protected Health Information (PHI):- Administrative safeguards
- Physical safeguards
- Technical safeguards
- Policies and procedures
Business Associate Agreement (BAA)
A BAA is a contract required by HIPAA when a covered entity shares PHI with a business associate:- Defines permitted uses of PHI
- Requires appropriate safeguards
- Specifies breach notification requirements
- Allows termination if terms are violated
Zero Data Retention (ZDR)
Zero Data Retention means the provider:- Does not store request/response data beyond processing
- Does not use your data for model training
- May still log metadata for abuse prevention
- Typically requires enterprise agreement
Data Residency
Some regulations require data to remain in specific geographic regions:| Region | Common Requirements |
|---|---|
| US | HIPAA, SOX, FERPA |
| EU | GDPR, EU-US Data Privacy Framework |
| UK | UK GDPR, UK-US Data Bridge |
| APAC | PDPA (Singapore), DPDP (India), PIPL (China) |
Data Residency Policies: Use
providerAllowlist in your governance policy to restrict to providers with specific data residency options.Next Steps
Browse All Models
Explore 195+ models with pricing and capabilities in our visual catalog.
Policy Configuration
Create policies using provider compliance data.
Audit Logging
Track which providers are used in your requests.