Compliance & Certifications

Meeting the highest standards for data protection and security

PulseOps is committed to maintaining the highest standards of data protection, privacy, and security. We continuously invest in compliance programs to meet global regulatory requirements and industry best practices.

SOC 2 Type II ✓ Achieved

SOC 2 Type II Certified

We have successfully completed SOC 2 Type II audit, demonstrating our commitment to security, availability, and confidentiality. Our controls are independently verified annually.

  • Security controls assessment
  • Availability monitoring
  • Confidentiality measures
  • Annual audits by independent third party
GDPR ✓ Compliant

GDPR Compliance

Fully compliant with the General Data Protection Regulation (GDPR), ensuring the privacy rights of individuals in the European Union and European Economic Area.

  • Data processing agreements (DPA) available
  • Data subject rights support
  • Privacy by design principles
  • Cross-border data transfer safeguards
ISO 27001 In Progress

ISO 27001 Certification

Currently pursuing ISO 27001 certification for information security management. Expected completion: Q2 2026.

  • Information security management system (ISMS)
  • Risk assessment and treatment
  • Continuous improvement processes
  • International standard for security
CCPA ✓ Compliant

CCPA Compliance

Compliant with the California Consumer Privacy Act, protecting the privacy rights of California residents.

  • Consumer rights support
  • Data disclosure transparency
  • Opt-out mechanisms
  • Data deletion on request
HIPAA Available

HIPAA Compliance

Business Associate Agreements (BAA) available for healthcare organizations requiring HIPAA compliance.

  • BAA agreements for enterprise customers
  • PHI protection measures
  • Audit logging and monitoring
  • Access controls and encryption
PCI DSS ✓ Compliant

PCI DSS Level 1

Payment processing through Stripe, which maintains PCI DSS Level 1 certification. We never store credit card information.

  • Secure payment processing
  • No credit card data storage
  • Tokenization through Stripe
  • Regular security scans

Data Residency & Localization

We offer flexible data residency options to meet your compliance requirements:

  • North America: US East (Virginia), US West (Oregon), Canada (Montreal)
  • Europe: EU West (Ireland), EU Central (Frankfurt), UK (London)
  • Asia Pacific: Singapore, Tokyo, Sydney
  • Custom Regions: Available for Enterprise customers

Data Processing Agreement (DPA)

Our standard Data Processing Agreement covers:

  • Processing activities and purposes
  • Data subject rights and support
  • Security measures and incident response
  • Sub-processor management
  • Data retention and deletion
  • Cross-border data transfers

Download our Standard DPA Template or contact us for custom agreements.

Security & Privacy Framework

Our security program is based on industry-leading frameworks:

  • NIST Cybersecurity Framework: Risk-based approach to managing security
  • CIS Controls: Implementation of critical security controls
  • OWASP Top 10: Protection against common web vulnerabilities
  • Privacy by Design: Privacy considerations in all development

Audit Reports & Documentation

We provide compliance documentation to qualified customers:

  • SOC 2 Type II reports (under NDA)
  • Security questionnaires and assessments
  • Penetration test summaries
  • Data processing agreements
  • Sub-processor lists
  • Security white papers

Contact our compliance team at compliance@pulseop.net to request documentation.

Need help with compliance?

Our compliance team can help you understand how PulseOps meets your specific regulatory requirements.

Contact Compliance Team