Compliance & Security
We maintain the highest standards of security and compliance to protect your data. Our comprehensive approach ensures your information is safe and we meet all regulatory requirements.
Last updated: January 15, 2024
Compliance Frameworks
We maintain compliance with major international and regional regulations
GDPR
General Data Protection Regulation
EU regulation for data protection and privacy
Key Features:
- Data minimization and purpose limitation
- Right to access and portability
- Right to erasure (right to be forgotten)
CCPA
California Consumer Privacy Act
California state law for consumer privacy rights
Key Features:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information
SOC 2 Type II
Service Organization Control 2
Security, availability, and confidentiality controls
Key Features:
- Security controls and monitoring
- Availability and performance monitoring
- Confidentiality of customer data
ISO 27001
Information Security Management System
International standard for information security
Key Features:
- Information security management system
- Risk assessment and treatment
- Security policies and procedures
HIPAA
Health Insurance Portability and Accountability Act
US federal law for healthcare data protection
Key Features:
- Administrative safeguards
- Physical safeguards
- Technical safeguards
PCI DSS
Payment Card Industry Data Security Standard
Security standards for payment card data
Key Features:
- Secure network and systems
- Protect cardholder data
- Vulnerability management
Security Measures
Comprehensive security controls to protect your data
Data Protection
End-to-End Encryption
All data is encrypted in transit and at rest using AES-256 encryption
Data Residency
Customer data is stored in specific geographic regions as required
Data Anonymization
Personal data is anonymized when used for analytics and research
Data Retention
Automated data retention policies ensure data is deleted when no longer needed
Access Control
Multi-Factor Authentication
Required for all administrative access and sensitive operations
Role-Based Access Control
Granular permissions based on user roles and responsibilities
Single Sign-On (SSO)
Enterprise SSO integration with SAML and OAuth 2.0
Privileged Access Management
Special controls for high-privilege accounts and operations
Infrastructure Security
Secure Cloud Infrastructure
Hosted on AWS with enterprise-grade security controls
Network Security
Firewalls, DDoS protection, and intrusion detection systems
Regular Security Updates
Automated security patches and vulnerability management
Disaster Recovery
Comprehensive backup and disaster recovery procedures
Monitoring & Incident Response
24/7 Security Monitoring
Continuous monitoring of security events and anomalies
Incident Response Plan
Documented procedures for security incident response
Security Logging
Comprehensive logging of all security-relevant events
Penetration Testing
Regular third-party security assessments and penetration testing
Certifications & Audits
Third-party verified security and compliance certifications
SOC 2 Type II
AICPA
Audited controls for security, availability, and confidentiality
ISO 27001:2013
ISO
Information security management system certification
GDPR Compliance
EU Commission
Full compliance with EU General Data Protection Regulation
CCPA Compliance
California AG
Compliance with California Consumer Privacy Act
Data Processing Activities
Transparent overview of how we process your data
| Purpose | Data Types | Legal Basis | Retention | Third Parties |
|---|---|---|---|---|
| User Authentication | Email address, Password hash, Session tokens | Contract performance | Account lifetime + 30 days | None |
| Calendar Integration | Calendar events, Availability data, Time zone information | Consent | Account lifetime | Google, Microsoft (via API) |
| Booking Management | Meeting details, Attendee information, Scheduling preferences | Contract performance | Account lifetime + 7 years | Email service providers |
| Analytics & Improvement | Usage statistics, Performance metrics, Error logs | Legitimate interest | 2 years | Analytics providers (anonymized) |
Compliance Resources
Access our compliance documentation and contact our security team
Security Questions
security@punctual.ai
Privacy Inquiries
privacy@punctual.ai
Compliance Requests
compliance@punctual.ai
Security Incidents
incident@punctual.ai
Questions about our security?
Our security team is here to answer any questions about our compliance and security measures