Compliance

The paperwork your sustainability team will love us for.

We are a small Colorado broker, not a Fortune-500 supplier — but we keep audited records, publish our methodology, and produce the kind of documentation that survives an actual third-party audit. Here's what we have on file.

Tell us what you have, or what you need. A human reads every request and replies within one business day — no chatbots, no phone calls.

What we maintain.

  • Audited diversion records. Every inbound and outbound truck weighed at the gate, logged in the WMS, and reconciled monthly. Independent audit performed once a year.
  • Methodology documentation. A one-page description of how we convert tonnage into CO₂e avoidance, water saved and trees not harvested. Updated whenever the EPA WARM model is revised.
  • Chain of custody for licensed buyers. Pickup and delivery logs for cannabis cultivators include receiver license number, BOL, date, and unit count. Producible within an hour of a regulator request.
  • Per-customer diversion certificates. A one-page PDF for every shipment showing the tonnage diverted and the CO₂e avoidance calculated under EPA WARM.
  • Annual sustainability report. Published every Q1. Audited, footnoted, and freely available to anyone who emails us. See our blog post on how to write a sustainability report that survives an audit for the meta-commentary.

What we’re NOT certified for.

We are honest about this so nobody is surprised. We do not currently hold an FSC chain-of-custody certification (we’re looking at it for 2026), we are not B Corp certified (the audit is expensive and we have not gotten to it), and we do not have ISO 14001 environmental management certification. We can partner with vendors who have all of those if your procurement process requires them.

Frameworks we report into.

  • EPA WARM (Waste Reduction Model) for tonnage and CO₂e math.
  • AF&PA water-use factors for water savings calculations.
  • Environmental Paper Network fiber-per-tree baseline.
  • ISRI grading standards for OCC bales sold downstream.

Paperwork on demand.

If your auditor needs anything from us — methodology, source data, weighing tickets, BOLs, third-party verifications — drop a note in the form above and we’ll respond inside one business day. We’ve been through enough audits that the paperwork lives in well-organized folders, not in a dusty cabinet.

The audit history.

Year | Audit type                     | Findings                 | Status
2022 | First independent annual audit | 14 (all minor)           | All addressed by Q4 2022
2023 | Annual recurring audit         | 4 (none material)        | All addressed by Q3 2023
2024 | Annual recurring audit         | 2 (administrative)       | All addressed
2025 | Annual recurring audit         | 1 (methodology footnote) | Addressed

How we maintain chain of custody for cannabis customers.

Every gaylord we deliver to a Colorado-licensed cannabis cultivator is logged with the receiver’s license number, the BOL, the date, the unit count and the grade. Pickup records follow the same template. Our internal database lets us produce a chain-of-custody report for any specific shipment within an hour of an MED inspector or auditor request.

How our diversion math is verified.

Every inbound and outbound truck is weighed at our gate scale. The scale tickets are reconciled monthly against the WMS log. Our methodology document, listing the EPA WARM model version and the conversion factors, is updated whenever the EPA publishes a new model release. The independent auditor reviews the entire reconciliation chain annually and writes up findings. Most are administrative; occasionally one flags a methodology gap that we address before the report goes public.

What we can produce on request.

  • Weighing tickets for any inbound or outbound shipment, going back 7 years.
  • BOLs for the same period.
  • Audited annual sustainability reports for 2022, 2023, 2024, 2025.
  • EPA WARM methodology documentation, including version history.
  • Per-customer diversion certificates retroactively.
  • Chain-of-custody reports for cannabis customers.
  • Insurance certificates and W-9 documents.
  • Vendor questionnaires (we’ve filled out hundreds).

Compliance FAQ.

Are you SOC 2 compliant?

No — SOC 2 is a software/data compliance framework that doesn’t apply to a physical packaging operation like ours. We’re happy to discuss what we do and don’t store about our customers if your security team needs to know.

Are you GDPR compliant?

We don’t serve EU customers and we don’t store EU resident data. If your operation has GDPR concerns about a US-based vendor, we’ll discuss them.

Do you have a written information security policy?

Yes, the basics — encrypted backups, MFA on critical accounts, role-based access to the WMS, a 7-year document retention policy. It’s a small company so the policy is short.

Will you sign an NDA?

Yes, we sign mutual NDAs with customers all the time. Most use a standard template that takes us about an hour to review.

Will you sign a master service agreement?

Yes, with reasonable terms. We’ve signed dozens. We push back on indemnification language that goes beyond consequential damages, and we don’t accept exclusivity clauses for an entire region.

Compliance and Certifications — Audit Trails and ESG Paperwork by Denver Eco Boxes