Compliance

EU-US Data Privacy Framework

We are fully compliant with the EU-U.S. Data Privacy Framework (“DPF”), ensuring that data transfers between the European Union and the United States meet the stringent privacy standards required by EU regulations. This compliance allows us to safely process and protect personal data transferred from the EU in line with the DPF’s principles of transparency, accountability, and data integrity. By adhering to these rigorous standards, we ensure that all EU-origin personal data is managed with the same level of protection and respect for privacy as required by EU law, supporting our commitment to international data security and privacy compliance.

General Data Protection Regulation (GDPR)

Our company is fully committed to compliance with the General Data Protection Regulation (GDPR), ensuring that all personal data of EU individuals is collected, processed, and stored according to GDPR’s strict standards for data privacy and protection. By adhering to GDPR requirements, we demonstrate our commitment to protecting personal data and maintaining trust with our EU clients and partners.

European Union’s Cloud Code of Conduct

We adhere to the European Union’s Cloud Code of Conduct (EU COC) for Cloud Service Providers, ensuring that we meet the strict data protection requirements set by the European Union.
The EU COC is a voluntary, industry-led initiative that establishes best practices for cloud service providers to ensure compliance with the EU’s General Data Protection Regulation (GDPR). By following this code, we demonstrate our commitment to handling your data responsibly and in full compliance with EU data protection laws.

California Consumer Privacy Act (CCPA)

We also comply with the CCPA, ensuring that residents of California have control over their personal information. Our CCPA practices provide:

• Transparency on what personal data is collected and how it’s used.
• Options to request deletion, know what data is collected, and opt-out of the sale of personal information.
• Security measures to safeguard personal data and comply with California’s privacy laws.

Health Insurance Portability and Accountability Act (HIPAA)

As a Business Associate under HIPAA, we handle Protected Health Information (PHI) with the highest levels of confidentiality and security. We follow strict security guidelines to ensure:

• PHI is processed, stored, and transmitted securely, in compliance with HIPAA regulations.
• Rigorous safeguards, including encryption and access controls, are in place to protect sensitive healthcare data.

Payment Card Industry Data Security Standard (PCI-DSS)

For customers processing payment data, we adhere to PCI-DSS standards. This means:

• We maintain strict security controls to protect cardholder information.
• Encryption, secure payment processing, and access controls prevent unauthorized access to payment data.
• We follow continuous monitoring practices to detect and respond to potential threats.

ISO 27001 and ISO 27701

We’ve achieved ISO 27001 certification, an internationally recognized standard for information security management. This certification ensures:

• We have a comprehensive Information Security Management System (ISMS) to protect your data.
• Our systems are regularly audited and improved to manage risks and safeguard your information.

In addition, ISO 27701 extends our focus to managing personal data privacy, enhancing our commitment to GDPR and CCPA compliance.

SOC 1, 2, and 3 Compliance

We follow SOC 1, 2, and 3 compliance standards to ensure the security, availability, and confidentiality of your data. Our independent audits verify:

• Strong internal controls and processes are in place to protect your data and ensure accuracy.
• Our systems are designed to detect and respond to breaches quickly and effectively.
• You can review our SOC 3 report for a high-level overview of our compliance efforts.