Security & Privacy

At CompliQuick, we understand that trust is earned through transparency. As a compliance company, we hold ourselves to the same standards we help our customers achieve.

Infrastructure & Security

Hosting: DigitalOcean managed infrastructure with MySQL database
CDN/Protection: Cloudflare proxy for DDoS protection and global performance
Email: AWS Simple Email Service for transactional emails
Analytics: PostHog for product analytics (anonymized usage data only)

Data Security:

  • All connections encrypted with TLS 1.3
  • Database encrypted at rest (DigitalOcean's standard encryption)
  • File storage via Cloudflare with no direct URL access (files only accessible through authenticated application requests)
  • Regular automated backups
  • Access restricted to essential team members only

Data Location & Residency

Primary Infrastructure:

  • Servers: US-based DigitalOcean data centers
  • Database: DigitalOcean managed MySQL (US region)
  • Email infrastructure: AWS SES (US region)

Your data stays in the United States and is never transferred to third-party countries without explicit disclosure.

Privacy Controls

User Consent:

  • Cookie consent required for all analytics tracking
  • PostHog analytics automatically disabled if consent declined
  • Only essential cookies (authentication, security) are used without consent

Your Rights:

  • Full data export available on request
  • Complete data deletion within 30 days of account closure
  • Opt out of all non-essential data processing anytime

Compliance Standards

Current Practices:

  • CCPA (California Consumer Privacy Act) compliant data handling
  • GDPR-compliant privacy controls and user rights
  • Industry-standard encryption and access controls
  • Regular security updates and monitoring

We Eat Our Own Dog Food

CompliQuick uses its own platform to maintain our internal security policies and team training. We practice what we preach.

Data Handling

What We Collect:

  • Account information (name, email, company details)
  • Policy templates and customizations you create
  • Training completion records and scores
  • Basic usage analytics (when consent provided)

What We Don't Do:

  • Never sell or share customer data with third parties
  • Never access your policy content for marketing purposes
  • Never retain data longer than necessary for service delivery
  • Never use your data to train AI models or algorithms

Compliance Roadmap

Current Status: Implementing security best practices using our own CompliQuick policies
2025 Goals: Enhanced monitoring and incident response procedures
2026 Target: SOC 2 Type II certification to meet enterprise requirements

Questions?

Have specific security or privacy questions? Contact us at [email protected] and we'll respond within one business day.

This page was last updated: August 28, 2025. We'll notify customers of any material changes to our security practices.