At Copyleaks, our products routinely undergo independent verification of their privacy, security, and compliance controls. We pursue certifications against global standards to earn and retain the trust of the millions of Copyleaks users worldwide.
Below, you will find the current Copyleaks certifications and compliance standards.
Copyleaks is committed to ensuring the privacy and protection of personal data and has obtained the SOC 2 certification, a global standard audited by external auditors, as a demonstration of this commitment. Please visit our Security Practices page to learn more about Copyleaks’ commitment to privacy and security, our data centers, system architecture, and more.
SOC 2 compliance ensures companies securely manage any collected data to protect organizations’ interests and their customers’ privacy. Companies in compliance with SOC 2 are required to readily show their data protection measures and the security of their storage.
Our SOC 2 report outlines Copyleaks’ high-powered system and our adherence to security, privacy, and confidentiality.
Copyleaks is committed to adhering to the guidelines outlined in the EU GDPR and does so by following these practices:
We will never disclose your personal data.
We promise never to use your personal data for targeted advertising.
Your data is securely stored and encrypted.
Your personal data is solely collected to improve your experience and our service.
We promise to leave control of your personal data in your hands by allowing you to delete uploaded content.
We promise to continue evolving our practices and procedures to comply with regulatory standards.
The launch of our copyleaks.eu site, with its servers located in Germany, also helped us reach our goal of being fully GDPR compliant and fulfill European customers' requests to have their data and processing located only in Europe.
Copyleaks processes all payments through Stripe and does not access personal credit card information or any credit card information stored within the Copyleaks system. To further ensure customer security, Copyleaks is committed to adhering to the guidelines of PCI compliance, a set of 12 security standards that businesses must use when accepting, transmitting, processing, and storing credit card data.
PCI compliance involves requirements such as encryption of cardholder data, managing firewalls, updating antivirus software, and assigning unique IDs to each person with computer access.
The Payment Card Industry Security Standards Council, an independent body created by the card networks in 2006, manages PCI security standards while enforcing these standards on the card networks and payment processors. Regardless of the number of card transactions processed, every merchant must be PCI compliant. The card networks (Visa, Mastercard, American Express, etc.) can be contacted directly for information about their specific PCI compliance programs.
Copyleaks meets the guidelines of the NIST Risk Management Framework (RMF), a systematic process for managing information security risk developed by the National Institute of Standards and Technology (NIST) in the United States. The framework provides a structured and flexible approach for organizations to manage, monitor and control information security risks.
Per the NIST site:
The risk-based approach to control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. Managing organizational risk is paramount to effective information security and privacy programs; the RMF approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization, regardless of size or sector.
At Copyleaks, we fully believe that technology should be accessible to everyone, with no exceptions. Therefore, our goal is to incorporate accessibility within our entire product platform, making our website and products accessible and user-friendly to everyone, regardless of their circumstance, disability, or situation.
To view our Voluntary Product Accessibility Templates (VPATs), please visit our Accessibility page.