
Regulatory Compliance

Hevo Data Inc. is committed to ensuring the privacy and confidentiality of all the user data processed by our systems and applications.


DORA Compliance

As a third-party Information and Communication Technology (ICT) service provider to financial entities in the EU, Hevo complies with the Digital Operational Resilience Act (DORA). It implements robust security and risk management practices, including service continuity, physical and ICT security, governance, incident management, data portability, and support for flexible contractual arrangements. These measures ensure alignment with customer-specific regulatory requirements as outlined in DORA.


SOC2 Compliance

Hevo complies with the Service Organization Control Type 2 (SOC2) risk management and security framework for cloud-based systems. The Hevo platform securely manages your data to protect the interests of your company and the privacy of your clients. Any solution designed at Hevo handles customer data as per SOC’s Trust Services Criteria — security, availability, processing integrity, confidentiality, and privacy. Read about System and Organization Controls (SOC) Suite of Services.


HIPAA Compliance

Hevo conforms to the Health Insurance Portability and Accountability Act (HIPAA) requirements under the HIPAA Security Rule. It implements physical, network, and process security measures to ensure the confidentiality, integrity, and availability of customer data, as outlined in HIPAA.


GDPR Compliance

Hevo complies with the General Data Protection Regulation (GDPR). It collects and processes your personal information as per GDPR’s seven key principles:

  1. Lawfulness, fairness, and transparency

  2. Purpose limitation

  3. Data minimization

  4. Accuracy

  5. Storage limitation

  6. Integrity and confidentiality (security)

  7. Accountability

Read Complete Guide to GDPR Compliance.


CPRA Compliance

Hevo complies with the California Privacy Rights Act (CPRA) to protect the privacy of data for you and your customers. The Hevo platform securely handles your data in accordance with CPRA regulations. The act grants you the following consumer rights as applicable:

  • The right to know about the personal information Hevo collects from you, how it is used, and with whom it is shared.

  • The right to request deletion of personal information collected from you.

  • The right to ask Hevo to limit the use and disclosure of your sensitive personal information.

  • The right to correct any inaccurate personal information held by Hevo.

  • The right to opt out of the sale or sharing of your personal information.

  • The right to access information about automated decision-making processes.

  • The right to receive your data in a portable and usable format.

  • The right to non-discrimination for exercising your rights under CPRA.

Note: Hevo does not collect sensitive personal information, as defined under the CPRA, for you to use our services. Read Privacy Policy.



Last updated on Jun 06, 2025
