Compliance

Our compliance posture, framework certifications, and data governance practices for enterprise and regulated-industry customers.

SOC 2 Type II
Status: IN PROGRESS (ETA: Q4 2026)

We are currently undergoing our SOC 2 Type II audit covering the Security, Availability, and Confidentiality trust service criteria. Preliminary reports are available to enterprise customers under NDA.

GDPR
Status: COMPLIANT

Our data handling practices comply with GDPR requirements, including lawful basis for processing, data subject rights, data minimization, and retention limits. A Data Processing Agreement (DPA) is available on request.

CCPA / CPRA
Status: COMPLIANT

California residents have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. California-specific privacy disclosures are included in our Privacy Policy.

ISO 27001
Status: PLANNED (ETA: 2027)

ISO 27001 certification is on our roadmap following SOC 2 completion. Our current security management practices are aligned with ISO 27001 Annex A controls.

Data Governance

Data Residency: US-East, EU-West (selectable)
Subprocessors: List published quarterly
Data Deletion: 30 days post-termination
DPA Available: Yes, on request
Audit Logs: Exportable / 1 year retention
Cross-border Transfers: SCCs for EU → US

Enterprise & Regulated Industries

For enterprise compliance reviews, DPA requests, subprocessor lists, or security questionnaires, contact our compliance team. We typically turn around enterprise security reviews within 5 business days.

compliance@dnawerkes.ai