Compliance & Certifications

Industry-leading certifications and regulatory compliance. Your trust is backed by rigorous third-party audits and continuous monitoring.

A+

TRUST SCORE

SOC 2 Type II

Service Organization Control

Active & Compliant

Audit Period 12 months
Last Audit March 2025
Next Audit March 2026
Trust Principles All 5
Auditor PwC

ISO 27001:2022

Information Security Management

Certified

Certificate No. IS-2025-1847
Valid Until June 2028
Scope Full ISMS
Controls 114/114
Certifying Body BSI

GDPR Compliant

EU Data Protection

Fully Compliant

DPO Appointed Yes
Privacy by Design Implemented
Data Residency EU + US
DPIAs Completed 12
BCRs Approved

HIPAA Compliant

Healthcare Data Protection

BAA Available

Encryption AES-256
Access Controls RBAC + MFA
Audit Logs 7 years
Risk Assessment Annual
Training 100%

PCI DSS Level 1

Payment Card Security

Validated

SAQ Type SAQ D
Last Scan June 2025
Tokenization Enabled
Requirements 12/12
QSA Deloitte

AI Ethics Certified

Responsible AI Framework

Verified

Framework IEEE 7000
Bias Testing Continuous
Transparency Level 4
Explainability Full
Review Board External

Compliance Control Matrix

Control Domain	SOC 2	ISO 27001	GDPR	HIPAA	PCI DSS	Status
Access Control	CC6.1	A.9	Art. 32	§164.312(a)	Req. 7	Implemented
Encryption	CC6.7	A.10	Art. 32	§164.312(e)	Req. 3	Implemented
Incident Response	CC7.3	A.16	Art. 33-34	§164.308(a)(6)	Req. 12	Implemented
Risk Assessment	CC3.1	A.6	Art. 35	§164.308(a)(1)	Req. 12	Implemented
Vendor Management	CC9.2	A.15	Art. 28	§164.314(a)	Req. 12	Implemented
Data Retention	CC8.1	A.8	Art. 5	§164.316(b)	Req. 3	Implemented
Audit Logging	CC7.2	A.12	Art. 5(2)	§164.312(b)	Req. 10	Implemented
Physical Security	CC6.5	A.11	Art. 32	§164.310	Req. 9	Implemented

Regional Compliance

🇪🇺

European Union

GDPR (General Data Protection Regulation)
ePrivacy Directive
NIS2 Directive
Digital Services Act
AI Act (Preparing)

🇺🇸

United States

CCPA/CPRA (California)
HIPAA (Healthcare)
SOX (Financial)
FERPA (Education)
State Privacy Laws (12 states)

🇬🇧

United Kingdom

UK GDPR
Data Protection Act 2018
PECR
Network Security Regulations

🇨🇦

Canada

PIPEDA
Privacy Act
CASL (Anti-Spam)
Provincial Privacy Laws

🇦🇺

Australia

Privacy Act 1988
APP (Privacy Principles)
Notifiable Data Breaches
CDR (Consumer Data Right)

🌏

Asia-Pacific

Singapore PDPA
Japan APPI
South Korea PIPA
India DPDP

Audit & Assessment Timeline

June 2025

PCI DSS Level 1 Validation

Successfully completed quarterly network scan and annual on-site assessment. Zero critical findings.

📄 AOC Report 📊 Scan Results

March 2025

SOC 2 Type II Annual Audit

12-month audit period covering all five trust principles. Clean opinion with no exceptions noted.

📑 SOC 2 Report

January 2025

ISO 27001 Surveillance Audit

Annual surveillance audit completed. 3 minor non-conformities identified and resolved within 30 days.

🏅 Certificate 📋 Audit Report

November 2024

HIPAA Risk Assessment

Comprehensive risk assessment across all safeguards. Updated policies and enhanced encryption protocols.

🔒 Risk Matrix

September 2024

AI Ethics Review

External board review of AI systems. Achieved highest rating for transparency and bias mitigation.

🤖 Ethics Report

Compliance Score Breakdown

90%

Technical Controls

95%

Administrative Controls

100%

Physical Security

92.5%

Compliance Coverage

Compliance Documentation

Download our compliance reports, certificates, and security documentation

📋

SOC 2 Type II Report

PDF • 2.4 MB

🏅

ISO 27001 Certificate

PDF • 456 KB

🔒

Security Whitepaper

PDF • 3.1 MB

📊

GDPR Compliance Pack

ZIP • 5.7 MB

✅

PCI DSS AOC

PDF • 890 KB

🤖

AI Ethics Framework

PDF • 1.8 MB

Compliance & Security Team

For compliance inquiries, audit requests, or security questionnaires

Contact Compliance Team Security Inquiries Visit Trust Center

Response time: Enterprise customers receive priority response within 24 hours