# How DoubleTick Keeps Your Data Safe & Compliant

At DoubleTick, your data security and privacy are foundational to how we build, operate, and deliver our platform. We understand that modern businesses demand trust, transparency, and global compliance when handling customer information.

To meet these expectations, DoubleTick is proud to be:

**EU GDPR Compliant** \
**ISO 27001 Certified** \
**SOC 2 Compliant**

These certifications are globally recognized benchmarks for data privacy and information security — bringing real protections and assurances for you and your customers.

***

#### <mark style="color:$primary;">**What Is GDPR Compliance?**</mark>

GDPR (General Data Protection Regulation) is the EU's data protection law that gives individuals strict control over how their personal data is collected, processed, and stored. Even companies outside the EU must comply if they process data of EU residents.

Being GDPR compliant means DoubleTick upholds:

**Purpose Limitation:** Data is collected only for defined, legitimate business purposes.

**Data Minimization:** Only essential personal data is processed.

**Consent:** Users must explicitly opt in before being messaged or having their data processed.

**Rights to Access & Erasure:** Individuals can request access to or removal of their data.

**Data Security:** Measures are in place to prevent unauthorized access, loss, or misuse.

**Transparency:** Data practices are openly disclosed through clear privacy policies.

***

#### <mark style="color:$primary;">**What Is ISO 27001 Certification?**</mark>

ISO 27001 is a globally respected standard for Information Security Management Systems (ISMS). It provides a structured framework for identifying, managing, and reducing risks to sensitive data.

This certification confirms that DoubleTick systematically assesses security risks, implements controls, monitors effectiveness, and trains teams on information security — on an ongoing basis, not just at a point in time.

It is built around three core principles:

**Confidentiality:** Data is accessible only to authorized users.

**Integrity:** Data remains accurate and untampered.

**Availability:** Data is accessible when needed by authorized users.

***

#### <mark style="color:$primary;">**What Is SOC 2 Compliance?**</mark>

SOC 2 (System and Organization Controls 2) is an independent audit standard developed by the AICPA, specifically for technology and cloud-based service providers. Unlike ISO 27001, SOC 2 is a third-party verified audit — meaning compliance is independently assessed, not self-declared.

It evaluates DoubleTick against five Trust Service Criteria:

**Security:** Systems are protected against unauthorized access.

**Availability:** Systems are operational and accessible as committed.

**Processing Integrity:** Data processing is complete, accurate, and timely.

**Confidentiality:** Confidential data is protected as agreed.

**Privacy:** Personal information is handled in line with privacy commitments.

***

#### <mark style="color:$primary;">**What This Means for Your Data**</mark>

Across all three certifications, your data is:

* Collected and stored with clear legal purpose
* Access-controlled, role-based, and monitored
* Protected against unauthorized access and security risks
* Subject to regular audits and continual improvement

Together, these standards ensure DoubleTick adheres to internationally recognized security and privacy requirements — whether you operate in the EU, UK, APAC, or globally.

Your data is in safe hands — because we follow the highest standards recognized worldwide for privacy and security.
