Regulatory Compliance

Compliance & Certifications

Building trust through transparency, security, and regulatory compliance across global jurisdictions.

Security First

Industry-leading security practices with regular third-party audits and penetration testing.

Global Standards

Compliance with international regulations across multiple jurisdictions.

Transparent Operations

Clear policies, public audit reports, and open communication about our practices.

Regulatory Engagement

Active participation in regulatory discussions and industry working groups.

Certifications & Standards

Our commitment to security and compliance is validated by independent third-party auditors.

SOC 2 Type II

Certified

Independently verified security, availability, and confidentiality controls.

Valid until: December 2026Auditor: Ernst & Young

ISO 27001

Certified

International standard for information security management systems.

Valid until: March 2027Auditor: BSI Group

GDPR Compliant

Compliant

Full compliance with EU General Data Protection Regulation.

Valid until: OngoingAuditor: Internal + External Review

CCPA Compliant

Compliant

California Consumer Privacy Act compliance for US users.

Valid until: OngoingAuditor: Internal + External Review

Regional Compliance

We maintain compliance with regulatory frameworks across all regions where we operate.

πŸ‡ΊπŸ‡ΈUnited States

CCPA / CPRA

California Consumer Privacy Act and California Privacy Rights Act compliance

Compliant

HIPAA Standards

Health Insurance Portability and Accountability Act security standards for sensitive data

Aligned

State Data Privacy Laws

Compliance with emerging state-level data privacy regulations

Compliant

πŸ‡ͺπŸ‡ΊEuropean Union

GDPR

General Data Protection Regulation

Compliant

eIDAS Regulation

Electronic identification and trust services compliance

Compliant

EU Data Act

EU data governance and portability requirements

Compliant

πŸ‡¬πŸ‡§United Kingdom

UK GDPR

UK version of GDPR post-Brexit

Compliant

Data Protection Act 2018

UK Data Protection Act compliance

Compliant

ICO Registration

Information Commissioner's Office data controller registration

Registered

πŸ‡ΈπŸ‡¬Singapore

PDPA

Personal Data Protection Act compliance

Compliant

IMDA Guidelines

Infocomm Media Development Authority data protection guidelines

Compliant

CSA Standards

Cyber Security Agency of Singapore standards compliance

Compliant

Security Audits

Our platform and systems undergo regular security assessments by independent security firms.

AuditorTypeDateResultReport
NCC Group
Penetration TestingOctober 2025PassedView Report
Bishop Fox
Application Security AssessmentAugust 2025PassedView Report
Coalfire
Infrastructure Security AuditJune 2025PassedView Report
Rapid7
Vulnerability AssessmentSeptember 2025PassedView Report

Compliance Timeline

Our ongoing commitment to regulatory excellence and security.

Q4 2025

SOC 2 Type II Certification

Achieved SOC 2 Type II certification after comprehensive audit.

Q3 2025

ISO 27001 Certification

Obtained ISO 27001 certification for information security management.

Q2 2025

ICO Registration

Completed ICO data controller registration for UK operations.

Q1 2025

Security Audits

Completed comprehensive penetration testing and security audits with independent firms.

Q4 2024

GDPR Compliance Framework

Implemented full GDPR compliance framework with DPO appointment.

Questions About Compliance?

Our compliance team is here to help with any questions about our regulatory status, certifications, or security practices.

compliance@aftercrypt.comView Security Details

Related Documents

SecurityPrivacy PolicyTerms of ServiceDisclaimer