Compliance & privacy
SOC 2 Type II
Respan maintains SOC 2 Type II compliance covering security, availability, processing integrity, confidentiality, and privacy.
Key controls:
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- 24/7 security monitoring and audit logging
- Regular vulnerability assessments
- Disaster recovery and backup procedures
SOC 2 reports are available to customers under NDA. Contact team@respan.ai.
HIPAA
For healthcare organizations that need to process Protected Health Information (PHI), Respan offers Business Associate Agreements (BAA).
HIPAA-ready features:
- Data encryption in transit and at rest
- Role-based access control and audit logging
- Data residency controls
- Comprehensive activity logging
- SOC 2 Type II compliant infrastructure
To execute a BAA, contact team@respan.ai.
GDPR
Respan supports all GDPR data subject rights: access, rectification, erasure, restriction of processing, data portability, and objection.
Data protection measures:
- Encryption at rest and in transit
- Role-based authentication
- Data minimization
- Automated data lifecycle management and retention policies
- EU data residency available upon request
Data processing agreement
Customers can execute a Data Processing Agreement (DPA) covering processing instructions, security measures, and breach procedures.
Contact
For compliance questions, BAA/DPA requests, or security reports:
- Security team: team@respan.ai
- Trust center: trustcenter.respan.ai