Compliance

Meeting global standards for data protection and security

SOC 2 Type II - In Progress

Comprehensive audit of security, availability, processing integrity, confidentiality, and privacy controls.

Annual penetration testing

Vulnerability scanning and remediation

Incident response procedures

Change management processes

GDPR (EU) - Compliant

Full compliance with European data protection regulations for user privacy and data rights.

Data portability via GitOps exports

Right to deletion (30-day purge)

Data processing agreements available

EU data residency options (Enterprise)

CCPA (California) - Compliant

California Consumer Privacy Act compliance for transparency and user control.

Do Not Sell My Data honored

Disclosure of data collection practices

Opt-out mechanisms for analytics

Annual privacy audit reports

HIPAA - Available (Enterprise)

Business Associate Agreements (BAA) for healthcare organizations handling PHI.

Signed BAA required before PHI processing

Encryption of PHI at rest and in transit

Access controls and audit logs

Breach notification procedures

Certifications & Standards

ISO 27001 (Security Management) - Planned 2026

ISO 27017 (Cloud Security) - Planned 2026

ISO 27018 (Cloud Privacy) - Planned 2026

PCI DSS (Payment Card Industry) - Stripe handles payments

Need a Custom Compliance Agreement?

Enterprise customers can request custom Data Processing Agreements (DPA), Business Associate Agreements (BAA), or compliance reports.
