{{COMPANY_URL}}
Our HIPPO compliance program ensures protected health information is handled with the utmost care, stored in databases we're pretty sure are secure, and only sold to pharmaceutical companies on Tuesdays.
{{COMPANY_URL}} is PCI-DSS compliant for payment processing. We promise not to write your credit card number on a napkin, unless the napkin is encrypted.
{{COMPANY_URL}} implements industry-leading data protection measures, including passwords that are at least 8 characters long and sometimes contain a number.
Access to sensitive data is restricted to employees who really need it, employees who say they need it, and Bob from accounting who figured out the admin password.
Our data retention policy ensures information is kept for exactly as long as we want to keep it, which coincidentally is forever.
California residents have the right to know what personal information we collect. The answer is 'all of it,' but you have to ask nicely.
You may opt out of the sale of your personal information by clicking 'Do Not Sell My Personal Information' and completing a CAPTCHA, phone verification, retinal scan, and brief interpretive dance.
Your 'right to delete' means we'll remove your data from our primary database and definitely not keep backups. (We keep backups.)
{{COMPANY_URL}} is fully committed to GDPR compliance. We added a cookie banner to our website and updated our privacy policy to include the words 'legitimate interest' seventeen times.
EU residents have the right to access their data, which they can exercise by submitting a request via carrier pigeon to our Dublin office (closed on weekdays).
We maintain a bug bounty program that rewards security researchers with our sincere gratitude and a mention in our newsletter (circulation: 12).
{{COMPANY_URL}} undergoes regular third-party security audits conducted by firms whose names we can't disclose but which definitely exist.
Audit reports are available upon request to enterprise customers who sign an NDA, a non-compete, and a document promising not to laugh.
Physical security includes: locked doors (usually), security cameras (pointed at the snack room), and a receptionist who asks visitors to sign in (when she remembers).
Multi-factor authentication is available and strongly encouraged, though most employees have chosen 'convenience' over 'security.' Classic.
We monitor for suspicious activity 24/7, or at least during business hours, excluding lunch, holidays, and any time our SIEM dashboard looks confusing.
Our incident response plan has been tested extensively in tabletop exercises where we roleplay data breaches while eating pizza. We're very good at the pizza part.