ContactVerify LogoAfzil

Compliance & Certifications

ContactVerify is built to meet the highest standards of regulatory compliance, enabling you to build secure verification flows with confidence.

Certified
SOC 2 Type II
Annual audit of security, availability, processing integrity, confidentiality, and privacy controls.

Our SOC 2 Type II report demonstrates our commitment to maintaining robust security controls. The report is available to customers under NDA.

Compliant
PCI-DSS Level 1
Payment Card Industry Data Security Standard for handling cardholder data.

Although we don't store cardholder data, we maintain PCI-DSS compliance for our payment processing integrations.

Compliant
GDPR
EU General Data Protection Regulation for handling personal data of EU residents.

We support GDPR requirements including data subject rights, lawful basis for processing, and data protection by design.

Compliant
CCPA
California Consumer Privacy Act for protecting California residents' personal information.

We comply with CCPA requirements for disclosure, access, deletion, and opt-out rights for California consumers.

Certified
ISO 27001
International standard for information security management systems.

Our information security management system (ISMS) is certified to ISO 27001:2022 standards.

Compliant
Financial Services
Industry-specific compliance for banking and financial services.

We support compliance with FFIEC, GLBA, and other financial services regulations.

Data Processing

We provide comprehensive tools and agreements to support your data protection obligations.

Data Processing Agreement
Standard DPA available for all customers processing personal data through our service.
Sub-processors
We maintain a list of sub-processors and notify customers of changes.
Data Residency
Options for data residency in US, EU, and other regions available for Enterprise customers.
Data Retention
Configurable retention periods with automatic deletion capabilities.

Need Compliance Documentation?

Request access to our SOC 2 report, penetration test results, or other compliance documentation.

Request Documentation