Compliance and Trust
VeloDB Cloud maintains a security and compliance program and publishes its certifications, audit reports, and other trust materials in the VeloDB Trust Center. All of the frameworks below apply to VeloDB Cloud. This page summarizes each framework and explains how to request reports.
Compliance Frameworks
SOC 2 Type II
VeloDB Cloud holds a SOC 2 Type II report. System and Organization Controls (SOC) for Service Organizations are internal-control reports created under the American Institute of Certified Public Accountants (AICPA) framework, and a Type II report assesses how effectively security and data-protection controls operate over a period of time. Customers use the report to evaluate the controls of an outsourced service before relying on it.
ISO/IEC 27001:2022
VeloDB Cloud is certified to ISO/IEC 27001:2022, the international standard for information security management. The certification reflects a systematic, risk-based approach to protecting information, and VeloDB undergoes annual surveillance audits with independent auditors to keep it valid.
HIPAA
VeloDB Cloud supports the requirements of the Health Insurance Portability and Accountability Act (HIPAA) for safeguarding protected health information (PHI) through administrative, physical, and technical controls.
GDPR
VeloDB Cloud supports compliance with the General Data Protection Regulation (GDPR), the European Union data privacy law, and can support customers who must meet EU regulatory requirements for protecting personal data.
U.S. Data Privacy Framework
VeloDB Cloud participates in the U.S. Data Privacy Framework (DPF), which provides a mechanism for transferring personal data from the EU and EEA, the UK, and Switzerland to the United States.
PCI DSS (SAQ A)
VeloDB Cloud's payment and billing processing meets the Payment Card Industry Data Security Standard (PCI DSS) under SAQ A, the self-assessment level for organizations that outsource payment card processing.
Requesting Reports and Legal Artifacts
To request a SOC 2 report, an ISO 27001 certificate, a data processing agreement (DPA) or security addendum, or other compliance artifacts, use the VeloDB Trust Center or contact your VeloDB Cloud account team.
Security Program
VeloDB Cloud's security program covers vulnerability management, penetration testing, internal access control, secure software development, and release management. For the full description, see Security and Trust Platform and Security Features.