Compliance & Certifications

General Data Protection Regulation compliance for all EU users

• Right to access personal data
• Right to rectification and erasure
• Data portability support
• Privacy by design and default
• Data processing agreements with all vendors
• EU representative appointed

California Consumer Privacy Act compliance

• Consumer rights notices
• Do Not Sell My Personal Information option
• Data deletion requests honored within 45 days
• Detailed privacy policy disclosure
• Opt-out mechanisms for data sales

Health Insurance Portability and Accountability Act compliance

• Business Associate Agreements (BAA)
• PHI encryption and access controls
• Audit logging and monitoring
• Breach notification procedures
• Regular risk assessments
• Workforce training programs

Payment Card Industry Data Security Standard

• Secure payment processing via Stripe
• No storage of card data
• Encrypted payment transactions
• Regular security scanning
• Network segmentation
• Quarterly compliance reviews

NIST Cybersecurity Framework

Comprehensive framework for managing cybersecurity risks

• Identify: Asset management and risk assessment
• Protect: Access control and data security
• Detect: Continuous monitoring and detection
• Respond: Incident response planning
• Recover: Recovery planning and improvements

CIS Controls

Center for Internet Security critical security controls

• Inventory and control of hardware assets
• Continuous vulnerability management
• Controlled use of administrative privileges
• Secure configuration for hardware and software
• Maintenance, monitoring, and analysis of audit logs