Compliance & Certifications

Meeting the highest standards of data protection, privacy, and regulatory compliance

Our Commitment to Compliance

IdeaDunes is built with security and compliance at its foundation. We adhere to international standards and regulations to ensure your data is protected, your operations are compliant, and your trust is earned.

GDPR Compliance

We are fully compliant with the General Data Protection Regulation (GDPR). This includes:

  • Data Processing Agreements (DPA) available for all customers
  • Right to access, rectify, and delete personal data
  • Data portability in standard formats (CSV, JSON)
  • Built-in consent management and tracking tools
  • Data breach notification procedures within 72 hours
  • Privacy by design in all new features

SOC 2 Type II

Our infrastructure and processes meet SOC 2 Type II standards, covering:

  • Security — protection against unauthorized access
  • Availability — system uptime and accessibility commitments
  • Processing Integrity — accurate, complete data processing
  • Confidentiality — restriction of data access to authorized personnel
  • Privacy — collection, use, and disposal of personal information

CCPA Compliance

For California residents, we comply with the California Consumer Privacy Act:

  • Right to know what personal data is collected
  • Right to delete personal information
  • Right to opt out of data sale (we never sell data)
  • Non-discrimination for exercising rights

Data Protection

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular penetration testing and vulnerability assessments
  • Multi-region data residency options (Enterprise plans)
  • Automated backups with point-in-time recovery
  • IP allowlisting and network-level access controls

Additional Certifications

  • ISO 27001: Information Security Management
  • HIPAA Ready: Healthcare data handling (Enterprise)
  • PCI DSS: Payment card data security
  • WCAG 2.1 AA: Web accessibility standards

Need Compliance Documentation?

We provide DPAs, security questionnaire responses, and compliance certificates upon request.
