Copyleaks Compliance & Certifications

At Copyleaks, our products routinely undergo independent verification of privacy, security, and compliance controls in an effort to achieve certifications against global standards and to earn and retain the trust of the millions of Copyleaks users worldwide.

Below, you will find the current Copyleaks certifications and compliance standards.

SOC 2 & SOC 3 Certified

Copyleaks is committed to ensuring the privacy and protection of personal data and has obtained the SOC 2 and SOC 3 certification, a global standard audited by external auditors, to demonstrate this commitment. Please visit our Security Practices page to learn more about Copyleaks’ commitment to privacy and security, our data centers, system architecture, and more.  
 
SOC 2 compliance ensures companies securely manage any collected data to protect organizations’ interests and their customers’ privacy. Companies in compliance with SOC 2 are required to readily show their data protection measures and the security of their storage.
 
SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality. The Copyleaks SOC 3 audit was performed by KPMG, the leading auditing organization for certification.
 
Our SOC certification reports outline Copyleaks’ high-powered system and our security, privacy, availability, and confidentiality adherence.

General Data Protection Regulation (GDPR)

Copyleaks is committed to adhering to the guidelines outlined in the EU GDPR and does so by following these practices:



We will never disclose your personal data.


We promise never to use your personal data for targeted advertising.


Your data is securely stored and encrypted.


Your personal data is solely collected to improve your experience and our service.

We promise to leave control of your personal data in your hands by allowing you to delete uploaded content.


We promise to continue evolving our practices and procedures to comply with regulatory standards.


The launch of our copyleaks.eu site, with its servers located in Germany, also helped us reach our goal of being fully GDPR compliant and fulfilling European customer requests of having their data and processing located only in Europe.

PCI Payment Card Industry Data Security Standard

Copyleaks processes all payments through Stripe and does not access personal credit card information or any credit card information stored within the Copyleaks system. To further ensure customer security, Copyleaks is committed to adhering to the guidelines of PCI compliance, a set of 12 security standards that businesses must use when accepting, transmitting, processing, and storing credit card data.



PCI compliance involves requirements such as encryption of cardholder data, managing firewalls, updating antivirus software, and assigning unique IDs to each person with computer access. 



The Payment Card Industry Security Standards Council, an independent body created by the card networks in 2006, manages PCI security standards while enforcing these standards on the card networks and payment processors. Regardless of the number of card transactions processed, every merchant must be PCI compliant. The card networks (Visa, Mastercard, American Express, etc.) can be contacted directly for information about their specific PCI compliance programs.


NIST Risk Management Framework (RMF) Guidelines

Copyleaks meets the guidelines of the NIST Risk Management Framework (RMF), a systematic process for managing information security risk developed by the National Institute of Standards and Technology (NIST) in the United States. The framework provides a structured and flexible approach for organizations to manage, monitor and control information security risks.



Per the NIST site:



The risk-based approach to control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. Managing organizational risk is paramount to effective information security and privacy programs; the RMF approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization, regardless of size or sector.

Copyleaks' Commitment to Accessibility

At Copyleaks, we fully believe that technology should be accessible to everyone, with no exceptions. Therefore, our goal is to incorporate accessibility within our entire product platform, making our website and products accessible and user-friendly to everyone, regardless of their circumstance, disability, or situation.

To view our Voluntary Product Accessibility Templates (VPATs), please visit our Accessibility page. 

Further Questions?

If you have further questions about Copyleaks compliance and/or accessibility or would like to request any reports or certificates of certification, please contact our Support Team.
