Compliance & Regulations
Agent47 is committed to maintaining the highest standards of compliance with international data protection and privacy regulations to ensure your data is handled responsibly.
- SOC 2 Type II (Service Organization Control)
- ISO 27001 (Information Security)
- GDPR (EU Data Protection)
- CCPA (California Privacy)
- HIPAA (Healthcare Privacy)
Our Compliance Standards
SOC 2 Type II Certification
We have completed SOC 2 Type II certification, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy.
Key Requirements:
- Annual third-party audits by certified auditors
- Continuous monitoring of security controls
- Documented policies and procedures
- Regular security awareness training for all personnel
- Incident response and disaster recovery plans
ISO 27001 Information Security
Our information security management system (ISMS) is certified to ISO 27001 standards, ensuring systematic management of sensitive information.
Key Requirements:
- Risk assessment and treatment processes
- Information security policies and controls
- Regular internal and external audits
- Continuous improvement of security measures
- Asset management and access controls
GDPR Compliance (EU)
We comply with the General Data Protection Regulation, giving EU citizens full control over their personal data.
Key Requirements:
- Lawful basis for data processing
- Data minimization and purpose limitation
- Right to access, rectify, and erase data
- Data portability and processing restrictions
- Data breach notifications within 72 hours
CCPA Compliance (California)
We comply with the California Consumer Privacy Act, protecting the privacy rights of California residents.
Key Requirements:
- Notice of data collection and usage
- Right to know what data is collected
- Right to delete personal information
- Right to opt-out of data sales
- Non-discrimination for exercising rights
HIPAA Compliance (Healthcare)
For healthcare clients, we maintain HIPAA compliance to safeguard protected health information (PHI).
Key Requirements:
- Business Associate Agreements (BAAs)
- Encryption of PHI at rest and in transit
- Access controls and audit logs
- Employee HIPAA training
- Breach notification procedures
Your Data Rights
Under GDPR, CCPA, and other privacy laws, you have the following rights regarding your personal data:
- Right to Access: request a copy of all personal data we hold about you
- Right to Rectification: correct any inaccurate or incomplete personal data
- Right to Erasure: request deletion of your personal data ('right to be forgotten')
- Right to Data Portability: receive your data in a structured, commonly used format
- Right to Restrict Processing: limit how we process your personal data
- Right to Object: object to processing of your data for specific purposes
How to Exercise Your Rights
To exercise any of these rights, please contact our Data Protection Officer (DPO) at dpo@agent47.com. We will respond to your request within 30 days.
Data Breach Notification Policy
In the unlikely event of a data breach that affects your personal information, we will:
- Immediate Detection: our 24/7 security monitoring will detect the breach immediately
- Containment (less than 1 hour): contain the breach and prevent further unauthorized access
- Assessment (less than 24 hours): assess the scope and impact of the breach
- User Notification (less than 72 hours): notify affected users via email and in-app notification
- Authority Notification (less than 72 hours): report to relevant data protection authorities (GDPR requirement)
- Remediation & Prevention: fix vulnerabilities and implement additional security measures