Our Commitment to Compliance
com.bond maintains comprehensive compliance programs to meet and exceed regulatory requirements worldwide. Our commitment to compliance ensures that your data is handled according to the strictest standards, giving you peace of mind to focus on your business.
Data Privacy Regulations
GDPR (General Data Protection Regulation)
com.bond is fully compliant with GDPR requirements for processing personal data of EU residents:
- Lawful basis for data processing
- Data minimization and purpose limitation
- Right to access, rectification, and erasure
- Data portability and consent management
- Privacy by design and default
- Data Protection Officer (DPO) appointed
- Data Processing Agreements (DPAs) available
CCPA (California Consumer Privacy Act)
We comply with CCPA requirements for California residents:
- Transparent data collection notices
- Consumer rights to know, delete, and opt-out
- Non-discrimination for exercising rights
- Annual privacy training for personnel
- Verified consumer request processes
Other Privacy Regulations
- PIPEDA (Canada): Personal Information Protection compliance
- LGPD (Brazil): Lei Geral de Proteção de Dados compliance
- Privacy Act (Australia): Australian Privacy Principles compliance
- POPIA (South Africa): Protection of Personal Information Act
Industry Certifications
SOC 2 Type II
Our SOC 2 Type II report demonstrates our commitment to:
- Security: Protection against unauthorized access
- Availability: System uptime and performance
- Processing Integrity: Accurate and complete processing
- Confidentiality: Protection of confidential information
- Privacy: Personal information handling
ISO 27001:2013
Our Information Security Management System (ISMS) is certified to ISO 27001 standards:
- Risk-based security approach
- Continuous improvement processes
- Regular internal and external audits
- Comprehensive security controls
- Employee security awareness training
PCI DSS Level 1
For payment card data security:
- Secure network and systems
- Protection of cardholder data
- Vulnerability management program
- Strong access control measures
- Regular monitoring and testing
Data Governance
Data Classification
We classify and handle data according to sensitivity levels:
- Public: Marketing materials, public documentation
- Internal: Business operations data
- Confidential: Customer data, business agreements
- Restricted: Payment information, authentication credentials
Data Retention
Our data retention policies ensure compliance while meeting business needs:
- Active customer data: Duration of service
- Closed accounts: 90 days for reactivation
- Financial records: 7 years per regulations
- Security logs: 1 year minimum
- Marketing data: Until consent withdrawn
Data Location
Customer data residency options:
- United States (primary)
- European Union (Frankfurt)
- Asia Pacific (Singapore)
- Custom locations for Enterprise
Compliance Controls
| Control Area | Implementation | Verification |
|---|---|---|
| Access Control | Role-based permissions, MFA required | Quarterly access reviews |
| Data Encryption | AES-256 at rest, TLS 1.3 in transit | Annual cryptographic assessment |
| Incident Response | 24/7 SOC, defined procedures | Bi-annual tabletop exercises |
| Vendor Management | Security assessments, contracts | Annual vendor reviews |
| Business Continuity | DR plans, backup procedures | Annual DR testing |
| Change Management | Formal approval process | Monthly CAB reviews |
Audit & Assessment
External Audits
- Annual SOC 2 Type II audit by independent CPA
- ISO 27001 surveillance audits twice yearly
- PCI DSS assessment by Qualified Security Assessor
- Penetration testing quarterly
Internal Audits
- Monthly security control assessments
- Quarterly compliance reviews
- Continuous vulnerability scanning
- Annual risk assessments
Customer Audits
Enterprise customers may request:
- Audit reports and certifications
- Security questionnaire completion
- Virtual audit sessions
- On-site audits (with agreement)
Compliance by Industry
com.bond supports compliance requirements for various industries:
Financial Services
- SOX compliance support
- GLBA requirements
- SEC regulations
- FINRA compliance
Healthcare
- HIPAA Business Associate Agreement (BAA) available
- HITRUST CSF alignment
- FDA 21 CFR Part 11 support
Government
- FedRAMP authorization (in progress)
- FIPS 140-2 encryption
- Section 508 accessibility
Compliance Resources
Documentation
- Privacy Policy
- Terms of Service
- Service Level Agreement
- Data Processing Agreement (upon request)
Reports & Certificates
Available to customers upon request:
- SOC 2 Type II Report
- ISO 27001 Certificate
- PCI DSS Attestation
- Penetration Test Executive Summary
Contact Compliance Team
- General compliance: [email protected]
- Privacy inquiries: [email protected]
- Data Protection Officer: [email protected]