============================================================ VENDOR COMPLIANCE REPORT ============================================================ Generated: 2026-03-23 Source: TrustCompliance.xyz ------------------------------------------------------------ COMPANY INFORMATION ------------------------------------------------------------ Company Name: Roo Code Legal Name: Roo Code, Inc. Website: https://roocode.com Slug: roo-code ------------------------------------------------------------ DATABASE STATUS ------------------------------------------------------------ Status: FOUND in leaked database ------------------------------------------------------------ RISK SCORE ------------------------------------------------------------ Score: 34 / 100 Grade: D Summary: High risk. Significant audit integrity concerns detected. Recommend obtaining an independent compliance assessment before vendor engagement. Dimensions: Audit Integrity: 1/100 (35% weight) [NEGATIVE] Company found in leaked database of template-based audit reports [NEGATIVE] 2 separate reports found, suggesting repeated engagement with flagged auditor [NEGATIVE] Type 2 reports require observation period testing - template usage is more concerning here [NEGATIVE] Audit performed by firm flagged for systematic template reuse Compliance Coverage: 35/100 (25% weight) [NEUTRAL] SOC 2 report found, from a flagged source [NEUTRAL] Reports dated within Jan-Dec 2025 observation window Infrastructure & Security: 75/100 (20% weight) [POSITIVE] Company maintains a public website [POSITIVE] Website configured with HTTPS [NEUTRAL] Hosted on Vercel Transparency & Governance: 50/100 (20% weight) [POSITIVE] Registered as "Roo Code, Inc." [NEUTRAL] System description found in audit reports [NEGATIVE] Zero exceptions reported across all audit periods - statistically improbable, suggests inadequate testing ------------------------------------------------------------ REPORTS FOUND ------------------------------------------------------------ Total Reports: 2 Report Types: SOC 2 Type 2 Report 1: Type: SOC 2 Type 2 Observation Period: Roo Code is a platform that enables high-leverage builders to orchestrate AI-driven product development. Report 2: Type: SOC 2 Type 2 Observation Period: June 10, 2025 - September 10, 2025 ------------------------------------------------------------ INFRASTRUCTURE PROVIDERS ------------------------------------------------------------ - Vercel ------------------------------------------------------------ RECOMMENDATIONS ------------------------------------------------------------ - Roo Code was found in the leaked Delve audit database. - Their SOC 2 / ISO 27001 reports may have been template-based. - Request a new audit from a verified, independent CPA firm. - Ask the vendor about their awareness of the Delve situation. - Consider requiring auditor rotation for ongoing engagements. - Review the vendor's actual security controls independently. ------------------------------------------------------------ DISCLAIMER ------------------------------------------------------------ This report is generated by TrustCompliance.xyz and is based on publicly leaked audit data. It is provided for informational purposes only and does not constitute legal, financial, or professional advice. Inclusion in the leaked database does not constitute an accusation of wrongdoing by the listed company. Many companies may have been unaware of Delve's practices. ============================================================ Report generated on 2026-03-23 by TrustCompliance.xyz ============================================================