TiDB Attestations & Certifications
ISO 27001 and ISO 27701

We’ve achieved ISO 27001 certification, an internationally recognized standard for information security management. This certification ensures:

  • We have a comprehensive Information Security Management System (ISMS) to protect your data.
  • Our systems are regularly audited and improved to manage risks and safeguard your information.

In addition, ISO 27701 extends our focus to managing personal data privacy, enhancing our commitment to GDPR and CCPA compliance.

SOC 1, 2, and 3 Compliance

We follow SOC 1, 2, and 3 compliance standards to ensure the security, availability, and confidentiality of your data. Our independent audits verify:

  • Strong internal controls and processes are in place to protect your data and ensure accuracy.
  • Our systems are designed to detect and respond to breaches quickly and effectively.
  • You can review our SOC 3 report for a high-level overview of our compliance efforts.
Payment Card Industry Data Security Standard (PCI-DSS)

For customers processing payment data, we adhere to PCI-DSS standards. This means:

  • We maintain strict security controls to protect cardholder information.
  • Encryption, secure payment processing, and access controls prevent unauthorized access to payment data.
  • We follow continuous monitoring practices to detect and respond to potential threats.
General Data Protection Regulation (GDPR)

Our company is fully committed to compliance with the General Data Protection Regulation (GDPR), ensuring that all personal data of EU individuals is collected, processed, and stored according to GDPR’s strict standards for data privacy and protection. By adhering to GDPR requirements, we demonstrate our commitment to protecting personal data and maintaining trust with our EU clients and partners.

EU-US Data Privacy Framework

We are fully compliant with the EU-U.S. Data Privacy Framework (“DPF”), ensuring that data transfers between the European Union and the United States meet the stringent privacy standards required by EU regulations. This compliance allows us to safely process and protect personal data transferred from the EU in line with the DPF’s principles of transparency, accountability, and data integrity. By adhering to these rigorous standards, we ensure that all EU-origin personal data is managed with the same level of protection and respect for privacy as required by EU law, supporting our commitment to international data security and privacy compliance.

EU Cloud Code of Conduct

We further demonstrate our commitment to handling your data responsibly by adhering to the EU Data Protection Code of Conduct for Cloud Service Providers (EU Cloud CoC) (Adherence ID: 2024LVL02SCOPE5420; see the EU Cloud CoC’s public register for details) to meet the EU’s strict data protection requirements.
The EU Cloud CoC is a voluntary, industry-led initiative that establishes best practices for cloud service providers to ensure compliance with the EU’s General Data Protection Regulation (GDPR).

California Consumer Privacy Act (CCPA)

We also comply with the CCPA, ensuring that residents of California have control over their personal information. Our CCPA practices provide:

  • Transparency on what personal data is collected and how it’s used.
  • Options to request deletion, know what data is collected, and opt out of the sale of personal information.
  • Security measures to safeguard personal data and comply with California’s privacy laws.
Health Insurance Portability and Accountability Act (HIPAA)

As a Business Associate under HIPAA, we handle Protected Health Information (PHI) with the highest levels of confidentiality and security. We follow strict security guidelines to ensure:

  • PHI is processed, stored, and transmitted securely, in compliance with HIPAA regulations.
  • Rigorous safeguards, including encryption and access controls, are in place to protect sensitive healthcare data.