Compliance & Certifications

Meeting the highest standards. Outermind is designed to help you meet your regulatory obligations with built-in compliance controls and regional data residency.

Regulatory Compliance

Regional and global regulatory frameworks we support

| Regulation | Coverage | Status |
| --- | --- | --- |
| EU GDPR (General Data Protection Regulation) | EU Region | Compliant |
| UK GDPR (UK Data Protection Framework) | UK Region | Compliant |
| CCPA/CPRA (California Consumer Privacy Act) | US Region | Compliant |
| Privacy Act 1988 (Australian Privacy Act) | AU Region | Compliant |
| HIPAA (Health Insurance Portability and Accountability Act) | All Regions | Compliant |
| SOC 2 Type II (Service Organization Control 2) | All Regions | In Progress |

Data Processing Principles

Our approach to data handling follows privacy-by-design principles

Data Minimization

We only collect and process data that is strictly necessary for service delivery. No excessive data collection or retention.

Purpose Limitation

Data is used only for the stated purposes outlined in our privacy policy and your service agreement.

Storage Limitation

Configurable retention policies allow you to control how long data is stored. Automatic cleanup when no longer needed.

Accuracy

Tools for data correction and updates. Subject access requests processed within regulatory timeframes.

Security Certifications

Industry-standard security certifications and frameworks

EU GDPR

Certified

General Data Protection Regulation

Full compliance with EU data processing requirements

UK GDPR

Certified

UK General Data Protection Regulation

Compliant with UK data protection framework

CCPA/CPRA

Certified

California Consumer Privacy Act

California consumer privacy rights supported

Privacy Act

Certified

Privacy Act 1988 (Australia)

Australian privacy principles followed

SOC 2 Type II

In Progress

Service Organization Control 2

Security, availability, and confidentiality controls

HIPAA

Available

Health Insurance Portability and Accountability Act

BAA available for healthcare organizations

ISO 27001

In Progress

Information Security Management

Industry-standard security management certification

Request Compliance Documents

For enterprise customers, we provide comprehensive compliance documentation

Data Processing Agreement (DPA)

Standard contractual clauses for GDPR compliance and data processor obligations.

Sub-processor List

Complete list of third-party processors with their roles, locations, and data access scope.

Security Questionnaire Responses

Pre-filled responses to common security questionnaires (CAIQ, SIG, VSAQ).

Penetration Test Summary

Executive summary of latest third-party penetration testing results.

SOC 2 Report

Coming Soon

Full SOC 2 Type II report available under NDA for enterprise customers.

Questions About Compliance?

Our team can help you understand how Outermind meets your specific regulatory requirements.