Compliance & Certifications
AUDIGYD is built to handle the most rigorous compliance standards in the world. Our platform is designed from the ground up to meet international regulatory requirements.
GDPR
Compliant
General Data Protection Regulation — Full compliance for EU data subjects including data minimization, right to erasure, and Data Protection Impact Assessments (DPIA).
ISO 27001
Aligned
Information Security Management System — AUDIGYD's security controls are aligned with ISO 27001:2022 Annex A controls covering access management, cryptography, and operations security.
SOC 2
Type II In Progress
Security, Availability, and Confidentiality — SOC 2 Type II audit in progress covering Trust Services Criteria for security, availability, and confidentiality.
HIPAA
Compliant
Health Insurance Portability and Accountability Act — Technical safeguards including encryption, access controls, and audit logging meet HIPAA requirements.
PCI DSS
Aligned
Payment Card Industry Data Security Standard — All payment processing handled via Stripe with PCI DSS Level 1 certification. No cardholder data stored on AUDIGYD servers.
PIPEDA
Compliant
Personal Information Protection and Electronic Documents Act — Full compliance with Canadian federal privacy law including consent management and breach notification.
NIST CSF
Aligned
Cybersecurity Framework — Controls mapped to NIST CSF core functions: Identify, Protect, Detect, Respond, and Recover.
FedRAMP
Roadmap
Federal Risk and Authorization Management Program — Planned for future certification to support U.S. federal government clients.
Data Residency
Customer data is stored exclusively in the region selected during tenant creation. Data never crosses borders without explicit consent. All regions are hosted on Microsoft Azure with in-region Azure OpenAI processing.
United States
Azure East US / West US
Virginia & California data centers
European Union
Azure West Europe
Netherlands data center, GDPR-compliant
Canada
Azure Canada Central
Toronto data center, PIPEDA & ITSG-33 compliant
Australia
Azure Australia East
Sydney data center
United Kingdom
Azure UK South
London data center
United Arab Emirates
Azure UAE North
Dubai data center
Audit Reports & Documentation
We maintain comprehensive documentation and undergo regular independent audits to ensure the highest security standards.
Available Reports
- Penetration Test Summary (annual, by independent third party)
- Data Protection Impact Assessment (DPIA)
- Business Continuity & Disaster Recovery Plan
- Information Security Policy Overview
- Subprocessor List & Data Flow Diagrams
Reports are available under NDA to current and prospective enterprise customers. Contact security@audigyd.com to request access.
Looking for our Software Bill of Materials? See the SBOM section on the Security page.
Audit Frequency
| Activity | Frequency |
|---|---|
| External Penetration Testing | Annually |
| Internal Vulnerability Scanning | Monthly |
| SOC 2 Type II Audit | Annually (upon certification) |
| Business Continuity Testing | Semi-annually |
| Access Review | Quarterly |
| Security Awareness Training | Annually + onboarding |
Privacy Rights & Controls
AUDIGYD respects your privacy rights under GDPR, PIPEDA, CCPA, and other applicable privacy legislation. You have the following rights regarding your personal data:
Right to Access
Request a copy of all personal data we hold about you.
Right to Rectification
Correct inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data (subject to legal retention requirements).
Right to Data Portability
Export your data in a machine-readable format (JSON, CSV).
Right to Restrict Processing
Limit how we process your personal data.
Right to Withdraw Consent
Withdraw previously given consent at any time.
To exercise any of these rights, contact our Privacy Officer at hello@audigyd.com. We will respond within 30 days.
