acmecorp.comThis document is a point-in-time evidence bundle assembled from the target's public trust and safety surfaces. It is not a SOC 2 audit, a penetration test, or legal advice. It is a fact-pattern intended for a procurement or vendor risk file.
Compliance check: No exact or high-confidence matches against OFAC, LEIE, or SAM exclusion lists.
Scrape duration: 18s across 17 URLs.
The scrape targets only public URLs at conventional paths and subdomains. No authentication is used, no active scanning is performed, and no robots.txt-blocked resources are fetched. DNS lookups are standard recursive resolutions. TLS certificate inspection is a passive read of the handshake. The WHOIS pull uses a third-party API (whoisxmlapi). The Compliance API check screens the supplied legal entity name against the U.S. Treasury OFAC SDN list, the OIG LEIE list, and the SAM.gov exclusion list. Coverage is approximately 269,000 records as of the report date.
| Surface | URL | Status | Note |
|---|---|---|---|
| security.txt | https://acmecorp.com/.well-known/security.txt | PUBLISHED | Published. 412 bytes captured. Security contact: security@acmecorp.com. |
| Privacy policy | https://acmecorp.com/privacy | PUBLISHED | Published. 38,402 bytes captured. |
| Security page | https://acmecorp.com/security | PUBLISHED | Published. 21,118 bytes captured. |
| Trust center | https://acmecorp.com/trust | PUBLISHED | Published. 15,604 bytes captured. |
| Sub-processors | https://acmecorp.com/sub-processors | PUBLISHED | Published. 8,902 bytes captured. 14 third-party sub-processors listed. |
| Terms of service | https://acmecorp.com/terms | PUBLISHED | Published. 44,810 bytes captured. |
| GDPR page | https://acmecorp.com/gdpr | PUBLISHED | Published. 9,210 bytes captured. |
| CCPA page | https://acmecorp.com/ccpa | NOT FOUND | Not published at conventional URL. CCPA references may live inside the privacy policy. |
| Certifications | https://acmecorp.com/certifications | NOT FOUND | No certifications index page. SOC 2 and ISO 27001 logos appear on /security but no badge or report link. |
| Status subdomain | https://status.acmecorp.com/ | PUBLISHED | Published. Statuspage.io hosted. Uptime visible 90 days. |
| Legal index | https://acmecorp.com/legal | PUBLISHED | Published. Aggregates terms, privacy, DPA links. |
| TLS certificate | https://acmecorp.com | PUBLISHED | Issuer Cloudflare Inc ECC CA-3, expires 2026-08-14 (85 days). TLSv1.3 / TLS_AES_256_GCM_SHA384. |
| SPF record | txt:acmecorp.com | PUBLISHED | v=spf1 include:_spf.google.com include:mailgun.org ~all |
| DMARC record | txt:_dmarc.acmecorp.com | REVIEW | v=DMARC1; p=none; rua=mailto:dmarc@acmecorp.com. Policy is monitor-only, not enforcing. |
| MTA-STS | txt:_mta-sts.acmecorp.com | NOT FOUND | No MTA-STS policy advertised. |
| Privacy variant | https://acmecorp.com/privacy-policy | NOT FOUND | Redundant path not used. Main policy lives at /privacy. |
| Compliance index | https://acmecorp.com/compliance | NOT FOUND | No /compliance index page. |
v=spf1 include:_spf.google.com include:mailgun.org ~all
v=DMARC1; p=none; rua=mailto:dmarc@acmecorp.com; ruf=mailto:dmarc@acmecorp.com; adkim=s; aspf=s
not configured
0 issue "letsencrypt.org" 0 issue "digicert.com" 0 iodef "mailto:security@acmecorp.com"
Issuer: Cloudflare Inc ECC CA-3 Subject: acmecorp.com Valid from: Feb 14 00:00:00 2026 GMT Valid to: Aug 14 23:59:59 2026 GMT Days left: 85 Protocol: TLSv1.3 Cipher: TLS_AES_256_GCM_SHA384
Entity screened: Acme Software, Inc.
Lists checked: OFAC SDN, OIG LEIE, SAM.gov exclusions.
| Source | Match name | Score | Details |
|---|---|---|---|
| No matches at exact or high-confidence threshold. | |||
| SAM | ACME SOFTWARE LTD (Belize) | 61.2% | Name collision, different jurisdiction. Low confidence. |
Match scores are fuzzy. An exact or high-confidence hit is rare and should be cross-checked against the official source list. Medium and low scores are name collisions in the vast majority of cases.
| URL | SOC 2 | ISO 27001 | HIPAA | GDPR | CCPA | PCI-DSS | FedRAMP |
|---|---|---|---|---|---|---|---|
https://acmecorp.com/security | Y | Y | Y | Y | |||
https://acmecorp.com/trust | Y | Y | Y | Y | |||
https://acmecorp.com/privacy | Y | Y | Y |
Mention != certification. Treat each row as a starting point for a vendor questionnaire.
| Registrar | MarkMonitor, Inc. |
|---|---|
| Registered on | 2009-06-12 |
| Expires on | 2027-06-12 |
| Registrant org | Acme Software, Inc. |
| Country | US |
| Domain age (days) | 6,187 |
| Error |
p=none to at least p=quarantine before enforcing in the buyer's email ingress rules./privacy or require a separate request.URL: https://acmecorp.com/.well-known/security.txt Status: 200 Content-Type: text/plain Length: 412 bytes Duration: 142ms Snippet: Contact: mailto:security@acmecorp.com Expires: 2027-01-01T00:00:00Z Encryption: https://acmecorp.com/.well-known/pgp-key.txt Preferred-Languages: en Canonical: https://acmecorp.com/.well-known/security.txt Policy: https://acmecorp.com/security/policy Hiring: https://acmecorp.com/careers/security
URL: https://acmecorp.com/privacy
Status: 200
Content-Type: text/html; charset=utf-8
Length: 38,402 bytes
Duration: 318ms
Snippet:
Acme Software, Inc. Privacy Policy. Last updated April 14, 2026.
This Privacy Policy describes how Acme Software, Inc. ("Acme", "we", "us", or "our") collects,
uses, and shares information when you use our products and services...
URL: https://acmecorp.com/sub-processors Status: 200 Content-Type: text/html; charset=utf-8 Length: 8,902 bytes Duration: 198ms Snippet: Sub-processors. Last updated March 30, 2026. The following sub-processors may process Customer Data on behalf of Acme: Amazon Web Services (US), Stripe (US), Twilio (US), Datadog (US), Cloudflare (US), Mailgun (US), Segment (US), Mixpanel (US), Auth0 (US), Sentry (US), Snowflake (US), HubSpot (US), Zendesk (US), Linear (US).