Is Flusk compliant with SOC2 Type 2, HIPAA and GDPR standards?
Updated over 8 months ago

At Flusk, we recognize that compliance standards are a crucial concern, particularly when it comes to safeguarding your customer data. This article provides detailed information about our policies and practices that ensure compliance with the different standards.

TL;DR - The Flusk tools are compliant with the SOC2 Type 2, HIPAA and some ISO standards.

If you'd like to gain insight into how we handle the processing of your app's data and address privacy concerns, we suggest you read our comprehensive article on the topic: How does Flusk Vault process your application data and protect your privacy?

Server & Storage Standards

Flusk's servers and databases adhere to the following compliance frameworks and standards to guarantee the safety of your data:

  • GDPR Compliance

  • HIPAA Compliance

  • SOC 2 Type II

  • ISO 27001:2013

  • ISO 9001:2015

  • ISO/IEC 27701 (new)

  • PCI Compliance (ASV Network Scan)

  • Regular Penetration Testing by Clone Systems

Compliance Details

Data Processing Register

We have established a data processing register that documents all the processes for collecting and processing data. This register allows us to monitor and ensure that all data collection and processing is compliant with GDPR requirements. We carefully scrutinize each process to verify that it has a legal basis, that the duration of data retention is respected, and that other relevant criteria are met.

High-Level Security Systems

We have implemented high-level security systems to ensure the effective protection of personal data collected and processed.

These systems are designed to prevent unauthorized access, data breaches, and other threats to personal data.

We are committed to maintaining our compliance, and we continuously review our data processing practices to ensure that they remain compliant with the regulation.

Data Collection, Processing and Consent

Another critical aspect of GDPR compliance is ensuring that users' data is collected, processed, and stored in a transparent manner, and we have implemented measures to that end. For instance, we do not use tracking and advertisement cookies until the user has agreed to them in the cookie banner. This ensures that we obtain explicit consent from users before collecting any data, as required by the GDPR.

Communications Consent

We also ensure that our customers are in control of their data by asking for their approval before sending any marketing communications, such as emails or newsletters. This measure ensures that users have complete control over their data and only receive communications they have explicitly agreed to receive.
