Regulatory Compliance

Last updated on Sep 08, 2023

Hevo Data Inc. is committed to ensuring the privacy and confidentiality of all the user data processed by our systems and applications.


SOC2 Compliance

Hevo complies with the Service Organization Control Type 2 (SOC2) risk management and security framework for cloud-based systems. The Hevo platform securely manages your data to protect the interests of your company and the privacy of your clients. Any solution designed at Hevo handles customer data as per SOC’s Trust Services Criteria — security, availability, processing integrity, confidentiality, and privacy. Read about System and Organization Controls (SOC) Suite of Services.


HIPAA Compliance

Hevo conforms to the Health Insurance Portability and Accountability Act (HIPAA) requirements under the HIPAA Security Rule. It implements physical, network, and process security measures to ensure the confidentiality, integrity, and availability of customer data, as outlined in HIPAA.


GDPR Compliance

Hevo complies with the General Data Protection Regulation (GDPR). It collects and processes your personal information as per GDPR’s seven key principles:

  1. Lawfulness, fairness, and transparency

  2. Purpose limitation

  3. Data minimization

  4. Accuracy

  5. Storage limitation

  6. Integrity and confidentiality (security)

  7. Accountability

Read Complete Guide to GDPR Compliance.


CCPA Compliance

Hevo complies with the California Consumer Privacy Act (CCPA) to protect the privacy of data for you and your customers. The Hevo platform securely handles your data in accordance with CCPA regulations. The act grants you the following rights as a customer:

  • The right to know about the personal information Hevo collects from you, and how it is used and shared.

  • The right to ask Hevo to delete personal information collected from you.

  • The right to opt out of the sale of your personal information.

  • The right to non-discrimination for exercising your CCPA rights.


See Also


Revision History

Refer to the following table for the list of key updates made to this page:

Date Release Description of Change
Sep-08-2023 NA Updated the page to improve readability.
Mar-23-2023 NA Updated the page to bring more clarity.
Apr-28-2022 NA Added sections, GDPR Compliance and CCPA Compliance.

Tell us what went wrong