# Certifications & Attestations

#### SOC 2 Type II

We are SOC 2 Type II certified by Prescient Assurance, providing third-party validation of our security, availability, confidentiality, and processing-integrity controls. This certification demonstrates that our safeguards are continuously operated and independently audited.

A letter of attestation is available to customers on request.

<a href="mailto:legal@parcellab.com?subject=Request%20for%20SOC%202%20Letter%20of%20Attestation&#x26;body=Dear%20parcelLab%20Security%20Team%2C%0A%0AWe%20kindly%20request%20a%20copy%20of%20parcelLab%E2%80%99s%20most%20recent%20SOC%202%20Type%20II%20Letter%20of%20Attestation%20for%20our%20vendor%20risk%20management%20and%20compliance%20review.%0A%0AThank%20you%20for%20your%20support." class="button secondary" data-icon="paper-plane-top">Request SOC 2 Letter of Attestation</a>

#### HIPAA

parcelLab is HIPAA compliant, protecting protected health information (PHI) with administrative, physical, and technical safeguards that meet the HIPAA Security Rule. Business Associate Agreements (BAAs) are available for customers in healthcare and adjacent sectors.

A HIPAA attestation letter can be provided on request.

<a href="mailto:legal@parcellab.com?subject=Request%20for%20HIPAA%20Letter%20of%20Attestation&#x26;body=Dear%20parcelLab%20Security%20Team%2C%0A%0AWe%20kindly%20request%20a%20copy%20of%20parcelLab%E2%80%99s%20most%20recent%20HIPAA%20Letter%20of%20Attestation%20for%20our%20vendor%20risk%20management%20and%20compliance%20review.%0A%0AThank%20you%20for%20your%20support." class="button secondary" data-icon="paper-plane-top">Request HIPAA Letter of Attestation</a>

#### Continuous Compliance Monitoring

Between formal audits, we run continuous compliance monitoring to ensure that controls remain effective. This includes automated checks for asset inventories, access rights, and evidence capture. We use industry-leading tooling, currently powered by Vanta, to maintain real-time assurance.

#### GDPR and CCPA

Our privacy program is aligned with both GDPR and CCPA requirements. It is overseen by our DPO at ePrivacy GmbH, includes employee training under GDPR Article 32(4), and uses encryption in transit and at rest. Contractual restrictions prevent cross-region data transfers. This ensures lawful processing and data-subject rights for EU and US consumers.

parcelLab holds the ePrivacy Seal, an independent certification of GDPR compliance. This demonstrates that our governance, data minimization, and retention practices meet recognized European privacy standards.

<a href="https://www.eprivacy.eu/en/customers/awarded-seals/company/parcellab-gmbh/" class="button secondary" data-icon="shield-check">View ePrivacy Seal certificate, external privacy audit</a>

#### Penetration Testing

Security is validated through annual penetration tests conducted by Cognition Team across backend and frontend systems. Tests follow OWASP and ASVS guidelines, using authenticated scenarios and tools such as BurpSuite, Nuclei, and Nmap. Our most recent assessment confirmed no critical, high, or medium-severity findings, with only low-level issues identified and remediated.

#### Responsible AI

parcelLab’s Responsible AI program aligns with the NIST AI Risk Management Framework, ISO 42001, and the upcoming EU AI Act. Each model is documented, independently validated, and tracked in a risk register. High-impact use cases always include human oversight, rollback plans, and monitored drift. Incidents are managed under our security response procedures, with GDPR’s 72-hour notification timeline applied where relevant. Regular training ensures teams remain aligned with AI governance best practices.

#### European Accessibility Act (EAA)

We are fully compliant with the European Accessibility Act (EAA). Our approach aligns with WCAG 2.2 Level AA standards and includes both manual and automated audits through Valantic, continuous monitoring, and annual reviews. This ensures tracking pages and returns portals are accessible for all users.


