Compliance

elwend is committed to maintaining the highest standards of regulatory compliance and data protection across all jurisdictions where we operate.

1. GDPR (General Data Protection Regulation)

We fully comply with GDPR requirements for processing personal data of EU residents, including:

• Lawful basis for data processing
• Data subject rights (access, rectification, erasure)
• Data Processing Agreements (DPA) with subprocessors
• Data breach notification within 72 hours

2. CCPA (California Consumer Privacy Act)

For California residents, we provide:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information
• Non-discrimination for exercising CCPA rights

3. HIPAA Compliance

For healthcare customers, elwend offers HIPAA-compliant infrastructure with:

• Business Associate Agreements (BAA)
• End-to-end encryption for PHI
• Audit logging and access controls

4. PCI DSS

We maintain PCI DSS compliance for secure payment processing:

• Secure network architecture
• Cardholder data protection
• Regular vulnerability scanning

5. SOC 2 Type II

Our SOC 2 Type II report validates our commitment to:

• Security: Protection against unauthorized access
• Availability: System uptime and reliability
• Confidentiality: Data protection commitments

6. Subprocessors

We carefully vet all third-party subprocessors. Current subprocessors include:

• Infrastructure providers (encrypted storage)
• Analytics platforms (anonymized data)
• Customer support tools

A complete list is available upon request.

Contact Compliance Team

For compliance inquiries or to request documentation:

compliance@elwend.com