Compliance & Certifications

FlexiDoc maintains the highest standards of compliance and security certifications to ensure your data is protected and handled according to global regulations.

Our Certifications

SOC 2 Type II

Our SOC 2 Type II certification demonstrates our commitment to security, availability, processing integrity, confidentiality, and privacy of customer data.

  • Annual third-party audits
  • Continuous monitoring and improvement
  • Covers all five trust service criteria

ISO 27001:2013

ISO 27001 certification validates our Information Security Management System (ISMS) and our systematic approach to managing sensitive information.

  • Risk-based security approach
  • Regular internal and external audits
  • Continuous improvement process

ISO 27018:2019

ISO 27018 certification ensures we follow best practices for protecting personally identifiable information (PII) in public cloud computing environments.

  • Enhanced PII protection controls
  • Transparent data handling practices
  • Customer control over data

Regional Compliance

🇪🇺 GDPR (General Data Protection Regulation)

We are fully compliant with GDPR requirements for processing personal data of EU residents.

Key Compliance Measures:

  • Lawful basis for data processing
  • Data Protection Officer (DPO) appointed
  • Privacy by design implementation
  • Data Protection Impact Assessments

User Rights Supported:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to data portability

🇺🇸 CCPA (California Consumer Privacy Act)

We comply with CCPA requirements for California residents' personal information.

Compliance Features:

  • Transparent data collection notices
  • Do Not Sell My Personal Information
  • Annual privacy policy updates
  • Consumer request handling process

Consumer Rights:

  • Right to know
  • Right to delete
  • Right to opt-out
  • Right to non-discrimination

🌏 Other Regional Compliance

🇨🇦 PIPEDA (Canada)

Compliant with Personal Information Protection and Electronic Documents Act requirements.

🇬🇧 UK GDPR

Full compliance with UK-specific GDPR requirements post-Brexit.

🇦🇺 Australian Privacy Act

Adherence to Australian Privacy Principles (APPs) for handling personal information.

🇧🇷 LGPD (Brazil)

Compliance with Lei Geral de Proteção de Dados for Brazilian users.

Industry Standards

HIPAA Compliance

For healthcare organizations, we offer HIPAA-compliant configurations with Business Associate Agreements (BAA).

  • Administrative, physical, and technical safeguards
  • Encryption for PHI at rest and in transit
  • Audit controls and access logging
  • BAA available for Enterprise customers

PCI DSS

While we don't directly process payment cards, our payment providers are PCI DSS Level 1 certified.

  • Secure payment processing via Stripe
  • No storage of credit card information
  • Tokenization for recurring payments

Data Processing Agreements

We provide Data Processing Agreements (DPAs) to ensure compliance with data protection regulations:

  • Standard Contractual Clauses (SCCs) for international transfers
  • Clear data processing terms and responsibilities
  • Sub-processor list and notification procedures
  • Security breach notification protocols

Third-Party Audits

We undergo regular third-party security assessments and penetration testing:

  • Annual penetration testing by certified security firms
  • Quarterly vulnerability assessments
  • Continuous automated security scanning
  • Supply chain security assessments

Compliance Resources

Need Compliance Documentation?

Enterprise customers can request detailed compliance documentation, audit reports, and custom security assessments.
