Compliance

ConvertEase is committed to adhering to industry standards and regulations to ensure the security, privacy, and reliability of our services.

Certifications and Standards

ISO 27001

We are ISO 27001 certified, demonstrating our commitment to information security management. This certification validates our systematic approach to managing sensitive company and customer information.

Certification Date: January 2023
Renewal: January 2026

SOC 2 Type II

Our SOC 2 Type II report verifies our controls related to security, availability, and confidentiality. It confirms that our systems are designed to keep customer data secure.

Last Audit: March 2023
Next Audit: March 2024

GDPR Compliance

We fully comply with the General Data Protection Regulation (GDPR), ensuring proper handling of personal data for our European users and providing transparency about data usage.

Implementation Date: May 2018

CCPA Compliance

We meet the requirements of the California Consumer Privacy Act (CCPA), respecting the privacy rights of California residents and providing appropriate data controls.

Implementation Date: January 2020

Compliance Programs

Security and Privacy Controls

Our comprehensive security and privacy program includes:

  • Regular third-party security assessments and penetration testing
  • Continuous monitoring for suspicious activities
  • Strict access controls and employee security training
  • Data minimization and retention policies
  • Vendor security assessment process
  • Incident response and business continuity plans

International Data Transfers

For international data transfers, we implement appropriate safeguards to ensure that your data receives an adequate level of protection:

  • Standard Contractual Clauses (SCCs) for data transfers outside the EEA
  • Privacy Shield principles (while developing alternative mechanisms)
  • Regional data storage options where required

Compliance Monitoring

We continuously monitor our compliance status through:

  • Automated compliance scanning and reporting
  • Regular internal audits
  • Annual external assessments
  • Compliance training for all employees

Legal Compliance

We adhere to all applicable laws and regulations in the jurisdictions where we operate, and we regularly review and update our practices to reflect changes in regulatory requirements.

Data Protection

We implement strict data protection measures including encryption, access controls, and data minimization. We only process your data for legitimate purposes as outlined in our Privacy Policy.

Global Standards

We align our practices with global standards including NIST, ISO, and CIS frameworks to ensure consistent security and privacy protections for users worldwide.

Vendor Management

We carefully select and monitor our vendors and service providers to ensure they maintain appropriate security and privacy standards. All vendors who process data on our behalf are subject to our rigorous vendor assessment process and must comply with our data protection requirements.

Key Infrastructure Providers

Cloud Infrastructure

AWS (ISO 27001, SOC 2, PCI DSS)

Payment Processing

Stripe (PCI Service Provider Level 1)

Need More Information?

For detailed information about our compliance programs or to request compliance documentation, please contact our compliance team.
