Regulatory Compliance

Last updated on Mar 23, 2023

Hevo Data Inc. is committed to ensuring the privacy and confidentiality of all the user data processed by our systems and applications.

SOC2 Compliance

Hevo complies with the Service Organization Control type 2 (SOC2) cybersecurity compliance framework. The Hevo platform securely manages your data to protect the interests of your organization and the privacy of your clients. Every solution designed at Hevo manages customer data based on the five SOC “trust services criteria” — security, availability, processing integrity, confidentiality, and privacy. Read about System and Organization Controls (SOC) Suite of Services .

HIPAA Compliance

Hevo complies with HIPAA requirements under the HIPAA Security Rule. We implement physical, network, and process security measures to ensure the confidentiality, integrity, and availability of customer data, as outlined in the Health Insurance Portability and Accountability Act (HIPAA).

GDPR Compliance

Hevo is fully compliant with the Global Data Protection Regulation (GDPR). Hevo processes your personal information in compliance with GDPR’s seven key principles:

  1. Lawfulness, fairness, and transparency

  2. Purpose limitation

  3. Data minimization

  4. Accuracy

  5. Storage limitation

  6. Integrity and confidentiality (security)

  7. Accountability

Read Complete Guide to GDPR Compliance.

CCPA Compliance

Hevo complies with the California Consumer Privacy Act (CCPA) to protect the privacy of your and your customers’ data. The Hevo platform securely handles your data in accordance with CCPA regulations. The act also grants you the following rights as a customer:

  • The right to know about the personal information Hevo collects from you, and how it is used and shared.

  • The right to ask Hevo to delete personal information collected from you.

  • The right to opt out of the sale of your personal information.

  • The right to non-discrimination for exercising your CCPA rights.

See Also

Revision History

Refer to the following table for the list of key updates made to this page:

Date Release Description of Change
Mar-23-2023 NA Updated the page to bring more clarity.
Apr-28-2022 NA Added sections, GDPR Compliance and CCPA Compliance.

Tell us what went wrong