Compliance & Standards

Solatis meets industry-leading compliance standards to protect your data and organization.

SOC 2 Type II

What it is: Independent security audit by Big Four accounting firm

Scope:

Access controls
Encryption and data protection
Backup and disaster recovery
Incident response
Change management
Employee security

Frequency: Annual audit (trailing 6 months)

What it means:

Third-party verified security
Industry best practices
Continuous monitoring
Documented processes

Request SOC 2 Report:

Email: compliance@solatis.team
Subject: SOC 2 Report Request

They'll send under NDA.

Who: All EU residents

Your rights under GDPR:

Right to Access

Download all your data anytime:

Settings → Privacy → Download My Data

Get: CSV, JSON, or PDF format
Time: 7 days

Right to Deletion

Permanently delete your account:

Settings → Privacy → Delete My Account

Your data: Deleted within 30 days
Backups: Deleted within 90 days

Right to Portability

Export data in standard format:

Settings → Privacy → Export Data

Get: All documents, settings, metadata
Format: Portable, machine-readable

Right to Correction

Update inaccurate data:

Settings → Account → Edit Profile

Changes: Immediate
History: Logged for audit trail

Right to Object

Opt-out of certain processing:

Email: privacy@solatis.team
Specify: What you're opting out of

HIPAA (Healthcare)

Who: Healthcare providers, insurers, health plans

Available: With Business Associate Agreement (BAA)

What it covers:

Protected Health Information (PHI)
Encryption requirements
Access controls
Audit logs
Breach notification

HIPAA Features:

Enhanced encryption
Detailed audit trails
Access logs
Breach monitoring
Incident reporting

Get HIPAA:

Email: compliance@solatis.team
Subject: HIPAA BAA Request

Process: 5-7 business days
Additional cost: $200/month

PCI DSS (Payment Card Industry)

Status: Not applicable

We don't store payment card data. Payment processing handled by:

Stripe
Square
Other PCI-compliant providers

ISO 27001

Status: In Progress

Information Security Management System certification coming 2026 Q2.

Industry Standards

Encryption

At Rest: AES-256
In Transit: TLS 1.3
Standard: FIPS 140-2 approved

Authentication

Standards: OAuth 2.0, SAML 2.0, OIDC
2FA: TOTP (RFC 6238)

Access Control

Model: Role-Based Access Control (RBAC)
Database: Row-Level Security (RLS)

Data Residency

Default: US (AWS us-east-1)

Available regions:

EU: AWS eu-west-1 (Dublin)
Asia Pacific: AWS ap-southeast-1 (Singapore)

For GDPR: EU data residency available

Request:

Email: compliance@solatis.team
Specify: Required region

Compliance Reporting

Annual Attestation

Solatis provides:

SOC 2 Type II report
Security assessment
Compliance checklist
Audit trail samples

Audit Support

We provide:

Security documentation
System documentation
Access logs
Encryption verification
Policy documentation

Request: compliance@solatis.team

Data Processing Agreement (DPA)

If required: For GDPR-regulated data

Covers:

Data processing terms
Liability and indemnification
Sub-processor policies
Data subject rights
Compliance commitments

Get DPA:

Email: compliance@solatis.team
Subject: Data Processing Agreement

Template: Available for review
Customization: Negotiable for Enterprise

Subprocessors

Third-party services we use:

Service	Purpose	Location
AWS	Infrastructure	US/EU/Asia
Stripe	Payment	US
SendGrid	Email	US
Datadog	Monitoring	US

Full list: Available in DPA

Privacy Policy

Latest version: solatis.team/privacy

Covers:

What data we collect
How we use it
Who we share with
Your rights
Data retention

Terms of Service

Latest version: solatis.team/terms

Covers:

Service description
Pricing and billing
Acceptable use
Liability
Dispute resolution

Compliance Contacts

Department	Email	Response Time
Compliance	compliance@solatis.team	24 hours
Security	security@solatis.team	24 hours
Privacy	privacy@solatis.team	24 hours
Legal	legal@solatis.team	24 hours
Support	support@solatis.team	1 hour

Compliance Roadmap

Year	Certification	Status
2025	SOC 2 Type II	✅ Current
2025	GDPR	✅ Compliant
2026	ISO 27001	🔄 Q2 2026
2026	HIPAA Ready	✅ Available
2027	SOC 3	🔄 Planning

Frequently Asked Questions

Q: Is Solatis SOC 2 compliant? A: Yes, SOC 2 Type II certified with annual audits.

Q: Can I get a security assessment? A: Yes, request at compliance@solatis.team

Q: Do you support GDPR? A: Yes, fully GDPR compliant with data residency options.

Q: Is HIPAA available? A: Yes, with Business Associate Agreement ($200/month).

Q: Where is my data stored? A: Default: US (AWS us-east-1). EU and Asia options available.

Compliance & Standards ​

SOC 2 Type II ​

GDPR (General Data Protection Regulation) ​

Right to Access ​

Right to Deletion ​

Right to Portability ​

Right to Correction ​

Right to Object ​

HIPAA (Healthcare) ​

PCI DSS (Payment Card Industry) ​

ISO 27001 ​

Industry Standards ​

Encryption ​

Authentication ​

Access Control ​

Data Residency ​

Compliance Reporting ​

Annual Attestation ​

Audit Support ​

Data Processing Agreement (DPA) ​

Subprocessors ​

Privacy Policy ​

Terms of Service ​

Compliance Contacts ​

Compliance Roadmap ​

Frequently Asked Questions ​

Next Steps ​

Compliance & Standards

SOC 2 Type II

GDPR (General Data Protection Regulation)

Right to Access

Right to Deletion

Right to Portability

Right to Correction

Right to Object

HIPAA (Healthcare)

PCI DSS (Payment Card Industry)

ISO 27001

Industry Standards

Encryption

Authentication

Access Control

Data Residency

Compliance Reporting

Annual Attestation

Audit Support

Data Processing Agreement (DPA)

Subprocessors

Privacy Policy

Terms of Service

Compliance Contacts

Compliance Roadmap

Frequently Asked Questions

Next Steps