## Certifications

- **SOC 2 Type II**: Security, availability, and confidentiality
- **GDPR**: EU General Data Protection Regulation
- **CCPA**: California Consumer Privacy Act
- **HIPAA**: Healthcare data (Enterprise with BAA)
### SOC 2 Type II

Status: Certified

Covers:

- Security controls
- Availability guarantees
- Processing integrity
- Confidentiality
- Privacy
### GDPR Compliance

**Data Rights**

We support all GDPR data subject rights:

- **Right to Access**: Request a copy of all your data
- **Right to Rectification**: Correct inaccurate data
- **Right to Erasure**: Delete all your data
- **Right to Portability**: Export your data in a machine-readable format

**Data Processing**

- DPA Available: Data Processing Agreement
- EU Hosting: Option for EU-only data storage
- Cross-Border: Standard Contractual Clauses
### CCPA Compliance

California privacy rights:

- Data access requests
- Data deletion requests
- Opt-out of data sale (we don’t sell data)
- Non-discrimination
### HIPAA (Enterprise)

For healthcare customers. Requirements:

- Business Associate Agreement (BAA)
- Enterprise plan
- Dedicated infrastructure
- Enhanced encryption
### ISO 27001

Status: In progress (Q2 2024)

Information security management system certification.

## Data Residency

### Data Locations

| Plan | Primary | Backups |
|---|---|---|
| Free/Pro | US (AWS us-east-1) | Multi-region |
| Enterprise | Configurable | Customer choice |
### EU Data Residency

Enterprise customers can choose:

- EU-only hosting (AWS eu-west-1)
- EU backup storage
- No cross-border transfers
## Security Standards

### Encryption

- At Rest: AES-256
- In Transit: TLS 1.3
- Backups: Encrypted
- Keys: AWS KMS or customer-managed

### Access Control

- Role-Based Access Control (RBAC)
- Multi-Factor Authentication (MFA)
- Single Sign-On (SSO)
- IP allowlisting

### Monitoring

- 24/7 security monitoring
- Intrusion detection
- Automated alerts
- Incident response plan
## Compliance Requests

### Requesting Documents

Email: compliance@sorcia.ai

Available documents:

- SOC 2 Report
- DPA (Data Processing Agreement)
- BAA (Business Associate Agreement)
- Security Questionnaires
- Penetration Test Results

### Data Subject Requests

Submit requests via:

- Email: privacy@sorcia.ai
- Web: sorcia.ai/privacy/request
- In-app: Settings → Privacy
## Vendor Security

### Third-Party Services

| Service | Purpose | Compliance |
|---|---|---|
| Supabase | Database | SOC 2 Type II |
| Vercel | Hosting | SOC 2 Type II |
| AWS | Infrastructure | Multiple |
| Stripe | Payments | PCI DSS Level 1 |
### Vendor Assessments

We regularly assess vendors for:

- Security posture
- Compliance status
- Data handling practices
- Incident history