Compliance & Certifications

CatalogDeck maintains the highest standards of compliance and security to protect your data and meet regulatory requirements.

Our Certifications

SOC 2 Type II

Certified

Annual audit of security, availability, processing integrity, confidentiality, and privacy controls

GDPR

Compliant

Full compliance with EU General Data Protection Regulation for data privacy and security

CCPA

Compliant

California Consumer Privacy Act compliance for consumer data rights and privacy

ISO 27001

In Progress

International standard for information security management systems (expected Q3 2025)

Compliance Practices

Regular third-party security audits and penetration testing

Data processing agreements (DPA) available for all customers

Comprehensive data retention and deletion policies

Transparent data handling and processing procedures

Employee security training and background checks

Incident response and breach notification procedures

Regular compliance reviews and policy updates

Vendor security assessment program

Data Protection & Privacy

Data Residency

Customer data is stored in secure data centers in the United States. Enterprise customers can request specific data residency locations to meet regional compliance requirements.

Data Processing Agreements

We provide comprehensive Data Processing Agreements (DPA) that outline our data handling practices and meet GDPR requirements. DPAs are available to all customers upon request.

Right to Access & Deletion

We support all data subject rights under GDPR and CCPA, including the right to access, correct, delete, and port your data. Requests are processed within the legally required timeframes.

Subprocessors

We maintain a list of all subprocessors who may access customer data. All subprocessors are carefully vetted and required to meet our security and privacy standards.

Questions About Compliance?

Our compliance team is here to help answer your questions and provide documentation.

Compliance Contact

file@catalogdeck.com

Our Certifications

SOC 2 Type II

Certified

Annual audit of security, availability, processing integrity, confidentiality, and privacy controls

GDPR

Compliant

Full compliance with EU General Data Protection Regulation for data privacy and security

CCPA

Compliant

California Consumer Privacy Act compliance for consumer data rights and privacy

ISO 27001

In Progress

International standard for information security management systems (expected Q3 2025)

Compliance Practices

Regular third-party security audits and penetration testing

Data processing agreements (DPA) available for all customers

Comprehensive data retention and deletion policies

Transparent data handling and processing procedures

Employee security training and background checks

Incident response and breach notification procedures

Regular compliance reviews and policy updates

Vendor security assessment program

Data Protection & Privacy

Data Residency

Customer data is stored in secure data centers in the United States. Enterprise customers can request specific data residency locations to meet regional compliance requirements.

Data Processing Agreements

We provide comprehensive Data Processing Agreements (DPA) that outline our data handling practices and meet GDPR requirements. DPAs are available to all customers upon request.

Right to Access & Deletion

We support all data subject rights under GDPR and CCPA, including the right to access, correct, delete, and port your data. Requests are processed within the legally required timeframes.

Subprocessors

We maintain a list of all subprocessors who may access customer data. All subprocessors are carefully vetted and required to meet our security and privacy standards.