CaptainCompliance.com Trust Center
Your Privacy. Our Mission.
At Captain Compliance, we know that earning your trust means protecting your data at every step. This Trust Center provides full transparency into our privacy, security, and compliance practices.
Enterprise Security
Captain Compliance’s security program is built to proactively manage risks, support incident readiness, and ensure secure operations across our entire organization. Our practices are aligned with industry-leading frameworks, including NIST and SOC 2.
We are committed to:
- Organizational Safeguards
- Data Protection by Design
- Employee Security Awareness & Ongoing Training
- Access Control & Identity Management
- Continuous Monitoring of Infrastructure and Applications
- Incident Readiness and Response Procedures
- Secure Development and DevOps Workflows
- Reliable Disaster Recovery & Encrypted Backups
- Independent Third-Party Penetration Testing
- Public Vulnerability Disclosure Program
We encourage security researchers to report potential vulnerabilities by contacting security@captaincompliance.com.
Global Data Privacy & GDPR Compliance
Captain Compliance is fully committed to protecting personal data in accordance with the General Data Protection Regulation (GDPR) and other leading global privacy laws, including:
- California Consumer Privacy Act (CCPA / CPRA) and 19 other state privacy frameworks
- Brazil’s LGPD
- Canada’s PIPEDA
- China’s PIPL
- UK GDPR
- Singapore’s PDPA
Key Privacy Practices
- Data Minimization: We collect only what is necessary for specific purposes.
- Lawful Processing: Our data practices are governed by legitimate interests, consent, contract, and legal obligations.
- International Transfers: Data transfers outside the EU/UK are governed by Standard Contractual Clauses (SCCs) or participation in the Data Privacy Framework (DPF) program.
- User Rights: We provide full access, deletion, correction, and portability rights to individuals globally.
- Vendor Risk Management: All subprocessors are vetted.
You can access our Privacy Notice to learn more.
Infrastructure & Technical Controls
| Area | Security Measures |
|---|---|
| Hosting | Cloud-hosted with ISO 27001- and SOC 2-certified providers (e.g., AWS, Azure) |
| Encryption | AES-256 encryption at rest, TLS 1.2+ in transit |
| Authentication | SSO & MFA required for internal access |
| Monitoring | Automated anomaly detection and audit logging |
| Backups | Encrypted daily backups with point-in-time recovery |
| DevSecOps | Secure SDLC, CI/CD pipelines, and code scanning |
Compliance Roadmap
We are actively progressing toward the highest standards of security and compliance. Here’s what’s live and what’s next:
| Initiative | Status |
|---|---|
| SOC 2 Type I | In Progress |
| SOC 2 Type II | In Progress |
| Data Privacy Framework (DPF) | Filed & Awaiting Approval |
| ISO 27001 Feasibility | Under Review |
| CCPA / CPRA Disclosures | Completed |
| UK & EU GDPR Readiness | Active & Maintained |