Compliance
PrArySoft is committed to meeting the compliance requirements expected by enterprise customers and regulatory bodies.
Compliance Contact: compliance@prarysoft.com
1. Overview
PrArySoft maintains compliance with applicable laws, regulations, and industry standards. This page provides an overview of our compliance posture and the frameworks we align with.
2. Data Protection Regulations
2.1 GDPR (General Data Protection Regulation)
We comply with GDPR requirements for processing personal data of individuals in the European Economic Area (EEA). Key aspects include:
- Lawful basis for processing documented for all data processing activities
- Data subject rights honored (access, rectification, erasure, portability, restriction, objection)
- Data Protection Impact Assessments (DPIAs) conducted where required
- Standard Contractual Clauses (SCCs) for international data transfers
- 72-hour breach notification to supervisory authorities
- Records of processing activities maintained
- Data Processing Agreements (DPAs) available for customers
2.2 CCPA/CPRA (California Consumer Privacy Act)
For California residents, we provide:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell personal data)
- Right to non-discrimination for exercising privacy rights
- Right to correct inaccurate personal information
- Right to limit use of sensitive personal information
2.3 Other Privacy Regulations
We monitor and comply with emerging privacy regulations, including:
- LGPD (Brazil)
- POPIA (South Africa)
- PDPA (Singapore, Thailand)
- State-level US privacy laws (Virginia, Colorado, Utah, Connecticut)
3. Security Standards
3.1 SOC 2
Our infrastructure and security controls are designed to meet SOC 2 Type II requirements across the Trust Services Criteria:
- Security: Protection against unauthorized access
- Availability: System availability per service commitments
- Processing Integrity: Complete, accurate, timely processing
- Confidentiality: Protection of confidential information
- Privacy: Personal information handled per privacy notice
3.2 Infrastructure Certifications
Our cloud infrastructure providers maintain certifications including:
- SOC 2 Type II
- ISO 27001
- ISO 27017
- ISO 27018
4. Data Processing Agreements
We provide Data Processing Agreements (DPAs) to customers who require them for GDPR compliance. Our DPA includes:
- Standard Contractual Clauses for international transfers
- Description of processing activities
- Security measures
- Sub-processor provisions
- Data subject rights assistance
- Audit rights
To request a DPA, contact: legal@prarysoft.com
5. Subprocessors
We maintain a list of subprocessors that may process customer data on our behalf. See our Subprocessors page for the current list.
6. Data Residency
By default, customer data is stored in the United States. For customers requiring specific data residency, please contact us to discuss available options.
7. Audit and Assessments
We support customer security assessments and can provide:
- Security questionnaire responses (CAIQ, SIG, custom)
- Penetration test summaries
- Compliance documentation
- Architecture diagrams
For enterprise security reviews, contact: security@prarysoft.com
8. Compliance Certifications
Current compliance status:
- GDPR: Compliant
- CCPA/CPRA: Compliant
- SOC 2 Type II: Controls aligned (certification in progress)
9. Contact
Compliance Inquiries: compliance@prarysoft.com
Legal/DPA Requests: legal@prarysoft.com
Security Questions: security@prarysoft.com