Compliance & Certifications

SOC 2 Type II

Certified: January 2023 | Valid through: January 2026

Independently audited by Deloitte for compliance with Trust Services Criteria covering Security, Availability, Processing Integrity, Confidentiality, and Privacy.

What SOC 2 Type II Means:

Annual independent audit of controls and operations
Verification that controls operate effectively over time
Assessment of security, availability, and confidentiality
Compliance with AICPA Trust Services Criteria

Request SOC 2 Report

ISO 27001

Certified: March 2023 | Valid through: March 2026

International standard for Information Security Management Systems (ISMS), demonstrating systematic approach to managing sensitive information.

ISO 27001 Coverage:

Risk assessment and treatment methodology
Information security policies and procedures
Asset management and access controls
Cryptography and physical security
Incident management and business continuity

Request Certificate

GDPR Compliant

Verified: Ongoing | Last Assessment: January 2025

Full compliance with the EU General Data Protection Regulation, ensuring the highest standards of data protection for European users.

GDPR Rights We Support:

Right to access personal data
Right to rectification and erasure
Right to data portability
Right to object and restrict processing
Data Protection Impact Assessments (DPIA)

View Privacy Policy

PCI DSS Level 1

Certified: February 2023 | Valid through: February 2026

Payment Card Industry Data Security Standard compliance for secure payment processing, validated by Qualified Security Assessor (QSA).

PCI DSS Requirements:

Secure network and systems
Protection of cardholder data
Vulnerability management program
Strong access control measures
Regular monitoring and testing

Request AOC

Privacy & Data Protection

CCPA (California Consumer Privacy Act)

Status: Compliant

We provide California residents with comprehensive privacy rights including:

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale of personal information (we don't sell data)
Right to non-discrimination for exercising privacy rights

Contact: privacy@repazoo.com

EU-US Data Privacy Framework

Status: Participant

Certified participant in the EU-US Data Privacy Framework for lawful transatlantic data transfers:

Notice, choice, and accountability principles
Data security and integrity requirements
Access and recourse mechanisms
Enforcement by Federal Trade Commission

Registration: DPF-2024-00123

UK GDPR

Status: Compliant

Compliance with UK's data protection requirements post-Brexit:

UK ICO registration and ongoing compliance
UK-specific data protection rights
Standard Contractual Clauses for data transfers
UK Data Protection Officer appointed

ICO Registration: ZA123456

PIPEDA (Canada)

Status: Compliant

Adherence to Canada's Personal Information Protection and Electronic Documents Act:

Consent-based data collection
Limited collection, use, and disclosure
Accuracy and safeguards principles
Individual access rights

Industry-Specific Compliance

FERPA Compliance (Educational Records)

For university and educational clients, we comply with the Family Educational Rights and Privacy Act:

Protection of student education records
Limited disclosure without consent
Directory information policies
Parents' and students' access rights

FCRA Compliance (Background Checks)

While not a consumer reporting agency, we follow Fair Credit Reporting Act principles:

Accuracy and fairness in reporting
User notification and consent
Dispute resolution procedures
Limitations on use of reports

HIPAA (Healthcare Context)

For healthcare clients analyzing reputation in medical contexts:

Business Associate Agreements available
PHI handling procedures
Security and privacy rule compliance
Breach notification protocols

GLBA (Financial Services)

For financial services clients, we align with Gramm-Leach-Bliley Act principles:

Financial privacy notices
Safeguarding non-public personal information
Pretexting protections
Information security programs

Audit Reports & Documentation

We maintain comprehensive audit documentation available to enterprise customers and partners under NDA.

SOC 2 Type II Report

Comprehensive audit report covering 12-month period

Auditor: Deloitte & Touche LLP

Period: January 2024 - December 2024

Request Report

ISO 27001 Certificate

International certification for information security

Certifying Body: BSI Group

Valid Through: March 2026

Request Certificate

PCI DSS Attestation of Compliance (AOC)

Level 1 service provider validation

Assessor: Coalfire Systems, Inc.

Valid Through: February 2026

Request AOC

Penetration Test Reports

Quarterly third-party security assessments

Firm: Bishop Fox

Latest: Q4 2024

Request Summary

Note: Full audit reports and certificates are available to prospective enterprise customers, existing clients, and partners under executed NDA. Please contact our compliance team at compliance@repazoo.com with your request.

Our Compliance Program

Governance Structure

Chief Privacy Officer: Michael Patel - Oversees all privacy and compliance initiatives
Chief Security Officer: Lisa Chen - Manages information security program
Data Protection Officer: Sarah Johnson - Handles GDPR and EU compliance
Compliance Committee: Quarterly reviews of compliance posture

Ongoing Monitoring

Continuous compliance monitoring and assessment
Quarterly internal audits of controls
Annual third-party assessments and certifications
Regular policy reviews and updates
Employee training and awareness programs

Risk Management

Formal risk assessment methodology
Regular threat modeling and vulnerability assessments
Business impact analysis for critical systems
Vendor risk management program
Incident response and business continuity planning

Questions About Our Compliance?

Our compliance team is available to discuss our certifications, provide audit reports, or answer questions about our compliance program.

General Compliance Inquiries

compliance@repazoo.com

Privacy & Data Protection

privacy@repazoo.com

dpo@repazoo.com (Data Protection Officer)

Security Matters

security@repazoo.com

Audit Report Requests

Email: compliance@repazoo.com

Subject: "Audit Report Request - [Company Name]"