GDPR and CCPA
The European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) each create a standard privacy framework to which all compliant businesses must adhere, creating clarity and transparency for individuals.
In compliance with GDPR and CCPA, Kustomer offers a Data Processing Addendum (DPA) to our business customers, who are the data controllers. Among other things, the DPA specifies our obligations and restrictions around our processing activities and provides the legal basis for our processing under the GDPR and CCPA, as well as for cross-border data transfers from the EU.
More information on GDPR and CCPA is available here.
Kustomer helps customers fulfill their HIPAA obligations by providing covered entities and business associates with appropriate security configuration options to safeguard protected health information (PHI). Our Business Associate Agreement (BAA) is no longer being offered to new business customers. If you are an existing business customer who has purchased a HIPAA license, more information on our HIPAA compliance can be found here.
Kustomer is certified under the EU-U.S. Privacy Shield Framework. The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the United States from the European Union (EU) in a way that is consistent with EU law. More information on Privacy Shield is available here.
Kustomer maintains compliance with AICPA’s SOC for Service Organizations Trust Services Criteria, commonly known as SOC 2. More information regarding Kustomer Security and SOC 2 compliance is available here.
Kustomer is certified to ISO 27001, the leading international standard for information security management systems (ISMS). This certification demonstrates our commitment to systematically examining changing security risks and continuously advancing our security protocols. More information on ISO 27001 is available here.