Security First by Design

Trust, Transparency & Regulatory Compliance

At #divisions, compliance isn't an afterthought: it's foundational. We maintain rigorous security standards, transparent data practices, and continuous auditing to protect your business and meet global regulatory requirements.

Independently Audited & Verified

Our infrastructure and processes undergo regular third-party assessments to ensure alignment with industry-leading frameworks.

πŸ›‘οΈActive

SOC 2 Type II

Annual audits verify our controls for security, availability, processing integrity, confidentiality, and privacy across all customer data handling.

View Trust Report β†’
🌍Active

ISO 27001:2022

Certified Information Security Management System (ISMS) with continuous risk assessment, incident response protocols, and employee training.

Certificate Details β†’
πŸ‡ͺπŸ‡ΊCompliant

GDPR & EU Data Protection

Full compliance with EU privacy regulations including data subject rights, DPIAs, EU Data Processing Addendums, and right to erasure.

GDPR Guide β†’
πŸ“œCompliant

CCPA / CPRA

California privacy compliance with clear opt-out mechanisms, data sale disclosures, and verified consumer request workflows.

Privacy Rights β†’
πŸ₯Available

HIPAA BAA

Business Associate Agreements available for healthcare clients. End-to-end encryption, audit logging, and restricted PHI access controls.

Request BAA β†’
πŸ”Active

NIST CSF Alignment

Security operations mapped to NIST Cybersecurity Framework categories: Identify, Protect, Detect, Respond, Recover.

Framework Mapping β†’

How We Protect Your Information

Encryption in Transit & at Rest

All data is encrypted using TLS 1.3 in transit and AES-256 at rest. Customer-managed keys are optionally supported via BYOK/HYOK.

Zero-Trust Access Controls

Role-based access, MFA enforcement, just-in-time privileges, and continuous session validation.

Global Data Residency

Choose where your data lives. AWS, GCP, and Azure regions across US, EU, APAC, and sovereign cloud options.

Incident Response & Disclosure

24/7 SOC monitoring, documented IR playbooks, and mandatory breach notification within 72 hours where required.

Data Type             Handling         Retention
Authentication Logs   Encrypted        365 days
Customer PII          Resident         Deletion on request
API Telemetry         Aggregated       90 days
Support Tickets       Segregated       Project close + 1 yr
Payment Data          PCI DSS Scope    Processor-managed

Compliance & Security FAQs

Answers to common questions from legal, procurement, and security teams.

Yes. We support regional isolation across AWS, GCP, and Azure. During onboarding, you select your preferred data region, and all replication, backups, and processing remain strictly within that boundary unless explicitly configured for cross-region disaster recovery.

We provide an automated data export and deletion workflow in the admin console. Upon request, production data is purged within 72 hours, backups are marked for overwrite within 30 days, and a cryptographic deletion certificate is provided upon completion.

Absolutely. Enterprise customers receive a Responsible Disclosure & Security Testing agreement. We support authorized vulnerability scanning and pen testing with prior coordination. We also publish a public bug bounty program via HackerOne.

Our IR team operates 24/7. Confirmed incidents trigger immediate containment, forensic analysis, and customer notification. We comply with GDPR's 72-hour window and CCPA's prompt disclosure requirement. Post-incident reports are shared with affected customers within 14 days.

Yes. Standard DPAs are available for all clients. Healthcare organizations can request a Business Associate Agreement (BAA). Legal teams can access templates in our Trust Center or request custom terms via our compliance contact form.

Contact Our Compliance Team

For DPAs, security questionnaires, audit reports, or custom compliance requirements.

This form is encrypted. Your data will only be used to process your compliance request.