Regulatory Compliance
Hevo Data Inc. is committed to ensuring the privacy and confidentiality of all the user data processed by our systems and applications.
SOC2 Compliance
Hevo complies with the Service Organization Control Type 2 (SOC2) risk management and security framework for cloud-based systems. The Hevo platform securely manages your data to protect the interests of your company and the privacy of your clients. Any solution designed at Hevo handles customer data as per SOC’s Trust Services Criteria — security, availability, processing integrity, confidentiality, and privacy. Read about System and Organization Controls (SOC) Suite of Services.
HIPAA Compliance
Hevo conforms to the Health Insurance Portability and Accountability Act (HIPAA) requirements under the HIPAA Security Rule. It implements physical, network, and process security measures to ensure the confidentiality, integrity, and availability of customer data, as outlined in HIPAA.
GDPR Compliance
Hevo complies with the General Data Protection Regulation (GDPR). It collects and processes your personal information as per GDPR’s seven key principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Read Complete Guide to GDPR Compliance.
CCPA Compliance
Hevo complies with the California Consumer Privacy Act (CCPA) to protect the privacy of data for you and your customers. The Hevo platform securely handles your data in accordance with CCPA regulations. The act grants you the following rights as a customer:
- The right to know about the personal information Hevo collects from you, and how it is used and shared.
- The right to ask Hevo to delete personal information collected from you.
- The right to opt out of the sale of your personal information.
- The right to non-discrimination for exercising your CCPA rights.