Compliance & Certifications

Service Organization Control 2 Type II certification demonstrates our commitment to security, availability, processing integrity, confidentiality, and privacy.

• Annual third-party audit
• Continuous monitoring of controls
• Covers security and availability criteria
• Report available under NDA

We comply with the General Data Protection Regulation for processing personal data of EU residents.

• Data Processing Agreements available
• Standard Contractual Clauses for transfers
• Privacy by design principles
• Data subject rights supported

We comply with the California Consumer Privacy Act and California Privacy Rights Act.

• Consumer rights requests honored
• Do not sell personal information
• Privacy notice provided
• Service provider agreements in place

HIPAA-compliant deployment available for healthcare customers handling protected health information.

• Business Associate Agreements available
• PHI safeguards implemented
• Audit logging for compliance
• Enterprise plan required

We are working toward ISO 27001 certification for our information security management system.

• ISMS framework implemented
• Risk assessment procedures
• Continuous improvement process
• Expected certification: Q3 2026

Payment card data is handled by PCI DSS compliant payment processors. We do not store card data.

• Stripe handles payment processing
• No card data stored on our servers
• Secure payment flows
• SAQ A compliance