Security Frameworks and Certifications

Enterprise-grade security and compliance standards that protect your data and meet regulatory requirements.

SOC2 Type II

✓ Certified

Annual independent audit of security and availability controls

• Security: Comprehensive information security controls and procedures
• Availability: 99.9% uptime SLA with monitoring and incident response
• Processing Integrity: Accurate and complete data processing validation
• Confidentiality: Customer data protection and access control measures
• Privacy: Personal information handling and consent management

Last Audit: July 2024
Next Audit: July 2025

⚑

ISO 27001

✓ Certified

Information Security Management System international standard

• Risk Management: Systematic identification and mitigation of security risks
• Policy Framework: Comprehensive information security policies and procedures
• Asset Management: Inventory and protection of information assets
• Access Control: Identity and access management with least privilege
• Incident Management: Structured response to security incidents and breaches
• Business Continuity: Disaster recovery and operational resilience planning

Last Audit: September 2024
Next Audit: September 2027

🌍

GDPR Compliance

✓ Compliant

European Union General Data Protection Regulation adherence

• Data Processing: Lawful basis and purpose limitation for all personal data
• User Rights: Implementation of access, rectification, erasure, and portability
• Consent Management: Granular consent collection and withdrawal mechanisms
• Data Protection: Privacy by design and default in all systems
• Breach Notification: 72-hour reporting to supervisory authorities
• Data Transfers: Adequate safeguards for international data transfers

Last Audit: Ongoing
Next Audit: Continuous

NIS2 Directive

✓ Compliant

EU Network and Information Security Directive compliance

• Risk Management: Cybersecurity risk assessment and mitigation measures
• Incident Reporting: Mandatory incident reporting to national authorities
• Supply Chain Security: Vendor risk management and third-party assessments
• Governance: Executive accountability for cybersecurity governance
• Resilience: Business continuity and disaster recovery capabilities
• Training: Cybersecurity awareness and employee training programs

Last Audit: October 2024
Next Audit: Annual review

Technical Security Measures

Comprehensive security controls protecting your data at every layer.

Data Encryption

  • ✓ AES-256 encryption for data at rest
  • ✓ TLS 1.3 encryption for data in transit
  • ✓ End-to-end encryption for sensitive communications
  • ✓ Hardware Security Modules (HSMs) for key management
  • ✓ Regular key rotation and cryptographic security reviews

Access Controls

  • ✓ Multi-factor authentication (MFA) required for all accounts
  • ✓ Role-based access control (RBAC) with least privilege principle
  • ✓ Single Sign-On (SSO) integration with Azure Active Directory
  • ✓ Regular access reviews and automated deprovisioning
  • ✓ Privileged access management (PAM) for administrative functions

Infrastructure Security

  • ✓ Secure cloud infrastructure with Microsoft Azure
  • ✓ Network segmentation and micro-segmentation
  • ✓ Web Application Firewall (WAF) and DDoS protection
  • ✓ Intrusion detection and prevention systems (IDS/IPS)
  • ✓ Continuous vulnerability scanning and patch management

Monitoring & Response

  • ✓ 24/7 security operations center (SOC) monitoring
  • ✓ Security Information and Event Management (SIEM)
  • ✓ Automated threat detection and response
  • ✓ Regular penetration testing and security assessments
  • ✓ Incident response team with defined escalation procedures

Audit Trail and Documentation

Complete audit trail and compliance documentation available for enterprise customers.

• Annual third-party security audits and assessments
• Continuous compliance monitoring and reporting
• Security control evidence and documentation
• Penetration testing results and remediation tracking
• Incident response logs and breach notification records
• Vendor risk assessments and due diligence documentation

Data Residency and International Compliance

Transparent data processing locations and cross-border transfer safeguards for global enterprise customers.

⭐ Primary Location
πŸ‡ͺπŸ‡Ί

European Union

Amsterdam, Netherlands

Primary data processing location for EU/EEA customers with full GDPR compliance.

GDPRNIS2 DirectiveePrivacy Directive
β€’Data processed and stored within EU/EEA boundaries
β€’GDPR Article 28 Data Processing Agreements available
β€’No data transfers outside EU without adequate safeguards
β€’Right to data localization for enterprise customers
β€’EU-based support and compliance teams
β€’Supervisory authority: Dutch Data Protection Authority (AP)
πŸ‡¬πŸ‡§

United Kingdom

London, United Kingdom

Dedicated UK data processing for post-Brexit compliance requirements.

UK GDPR, Data Protection Act 2018

• UK GDPR and Data Protection Act 2018 compliance
• Data processed within UK territorial boundaries
• Standard Contractual Clauses for EU data transfers
• Information Commissioner's Office (ICO) jurisdiction
• Brexit-compliant data processing agreements
• UK-based customer support and legal representation

Norway

Oslo, Norway

Local data processing for Norwegian customers with Datatilsynet compliance.

Norwegian Personal Data Act, GDPR (via EEA Agreement)

• Norwegian Personal Data Act (Personopplysningsloven) compliance
• GDPR compliance through EEA Agreement implementation
• Data sovereignty for Norwegian government entities
• Datatilsynet (Norwegian DPA) supervisory authority
• Local Norwegian language support and documentation
• Oslo-based data center with 99.9% uptime SLA

United States

Virginia, United States

US data processing with state privacy law compliance and federal security standards.

CCPA, SOX, HIPAA (where applicable)

• California Consumer Privacy Act (CCPA) compliance
• Sarbanes-Oxley Act (SOX) compliance for financial data
• HIPAA Business Associate Agreements available
• FedRAMP-compatible security controls
• US-based enterprise support teams
• Data residency options for federal contractors

International Data Transfer Safeguards

Legal mechanisms ensuring adequate protection for cross-border data transfers.

Standard Contractual Clauses (SCCs)

European Commission approved clauses for international transfers

Coverage: EU to Third Countries, Controller to Processor, Processor to Processor

✓ Commission Decision 2021/914 implementation
✓ Supplementary measures assessment for each transfer
✓ Data subject rights equivalent to GDPR standards
✓ Legal remedies and effective enforcement mechanisms
✓ Regular review and updates based on adequacy decisions

Adequacy Decisions

EU Commission recognition of equivalent data protection

Coverage: UK, Switzerland, New Zealand, Canada (commercial)

✓ European Commission adequacy decision reliance
✓ No additional safeguards required for transfers
✓ Equivalent level of data protection guaranteed
✓ Regular monitoring of adequacy decision validity
✓ Automatic compliance with data transfer requirements

Binding Corporate Rules (BCRs)

Internal data protection rules for multinational groups

Coverage: Microsoft Azure, HubSpot, Other Service Providers

✓ Approved internal data protection policies
✓ Binding legal commitments across corporate group
✓ Data subject rights enforcement mechanisms
✓ Independent oversight and compliance monitoring
✓ European DPA approval and ongoing supervision

Certification Schemes

Industry certification programs for data protection

Coverage: SOC2 Type II, ISO 27001, Privacy Shield Successor

✓ Independent third-party certification bodies
✓ Ongoing monitoring and recertification requirements
✓ Transparent compliance reporting and evidence
✓ Industry-specific data protection standards
✓ Regular audit and assessment procedures

Data Sovereignty and Government Access

Transparency about government access requests and data sovereignty measures.

Data Sovereignty

Customer data remains under the jurisdiction of the chosen processing location.

• Data processing location transparency and choice
• No unauthorized access by foreign governments
• Legal challenges to overreaching government requests
• Customer notification of government access requests where legally permitted
• Data encryption rendering government access technically difficult

Government Access Transparency

Annual transparency reporting on government data requests and legal processes.

• Annual government access transparency reports
• Legal process notification to affected customers
• Challenge overreaching or invalid government requests
• Minimize data disclosure through legal advocacy
• Encryption and technical measures limiting government access

Legal Protection

Strong legal frameworks protecting customer data from unauthorized access.

• Multi-jurisdictional legal representation
• Challenge invalid or overbroad government requests
• Data minimization reducing exposure to government access
• Technical and organizational measures limiting access
• Customer data sovereignty rights respected

Data Residency Support

Contact our compliance team for specific data residency requirements and regional compliance questions.

Compliance

[email protected]

General compliance and data residency questions

Data Protection Officer

[email protected]

Data Protection Officer for GDPR and privacy matters

Legal

[email protected]

Legal team for contractual and regulatory questions

Enterprise Compliance Support

Get direct access to our compliance team for vendor risk assessments, audit support, and regulatory inquiries.

Compliance Team

General compliance questions, vendor risk assessments, and documentation requests.

[email protected]

Response within 24 hours

• Security questionnaires
• Vendor risk assessments
• Compliance documentation
• Audit support

Data Protection Officer

GDPR compliance, data subject rights, and privacy impact assessments.

[email protected]

Response within 48 hours

• GDPR compliance
• Data subject rights
• Privacy impact assessments
• Data processing agreements

Legal Team

Contract negotiations, legal compliance, and regulatory interpretation.

[email protected]

Response within 72 hours

• Contract negotiations
• Legal compliance
• Regulatory questions
• Terms and conditions

Security Team

Security architecture, incident response, and technical security questions.

[email protected]

Response within 12 hours

• Security architecture
• Incident response
• Penetration testing
• Technical security

Compliance Inquiry Form

Submit a detailed inquiry and we'll route it to the appropriate team member.

Response Time Commitments

Our compliance team is committed to timely responses based on inquiry type and urgency.

Security Incidents

Within 2 hours

Critical security matters requiring immediate attention

24/7 on-call security team

Vendor Assessments

Within 24 hours

Security questionnaires and vendor risk evaluation

Business hours (9 AM - 6 PM CET)

GDPR Inquiries

Within 48 hours

Data protection and privacy compliance questions

Business hours with DPO availability

General Compliance

Within 72 hours

Documentation requests and general compliance questions

Standard business hours response

Escalation Process

If you need to escalate a compliance matter or are not satisfied with the initial response:

1. Primary Contact: Start with the appropriate team contact based on your inquiry type.
2. Team Lead Escalation: If not resolved within SLA, your inquiry is automatically escalated to team leads.
3. Executive Escalation: Critical matters can be escalated directly to our Chief Compliance Officer.

Executive Escalation

Chief Compliance Officer: [email protected]

For critical compliance matters requiring executive attention.