Certifications, Attestations
parcelLab maintains a comprehensive security and compliance program validated through independent audits, certifications, and continuous monitoring.
SOC 2 Type II
We are SOC 2 Type II certified by Prescient Assurance, providing third-party validation of our security, availability, confidentiality, and processing-integrity controls. This certification demonstrates that our safeguards are continuously operated and independently audited.
A letter of attestation is available to customers on request.
HIPAA
parcelLab is HIPAA compliant, protecting protected health information (PHI) with administrative, physical, and technical safeguards that meet the HIPAA Security Rule. Business Associate Agreements (BAAs) are available for customers in healthcare and adjacent sectors.
A HIPAA attestation letter can be provided on request.
Continuous Compliance Monitoring
Between formal audits, we run continuous compliance monitoring to ensure that controls remain effective. This includes automated checks for asset inventories, access rights, and evidence capture. We use industry-leading tooling, currently powered by Vanta, to maintain real-time assurance.
GDPR and CCPA
Our privacy program is aligned with both GDPR and CCPA requirements. It is overseen by our DPO at ePrivacy GmbH, includes employee training under GDPR Article 32(4), and uses encryption in transit and at rest. Contractual restrictions prevent cross-region data transfers. This ensures lawful processing and data-subject rights for EU and US consumers.
parcelLab holds the ePrivacy Seal, an independent certification of GDPR compliance. This demonstrates that our governance, data minimization, and retention practices meet recognized European privacy standards.
Penetration Testing
Security is validated through annual penetration tests conducted by Cognition Team across backend and frontend systems. Tests follow OWASP and ASVS guidelines, using authenticated scenarios and tools such as Burp Suite, Nuclei, and Nmap. Our most recent assessment confirmed no critical, high, or medium-severity findings, with only low-severity issues identified and remediated.
Responsible AI
parcelLab’s Responsible AI program aligns with the NIST AI Risk Management Framework, ISO 42001, and the upcoming EU AI Act. Each model is documented, independently validated, and tracked in a risk register. High-impact use cases always include human oversight, rollback plans, and drift monitoring. Incidents are managed under our security response procedures, with GDPR’s 72-hour notification timeline applied where relevant. Regular training ensures teams remain aligned with AI governance best practices.
European Accessibility Act (EAA)
We are fully compliant with the European Accessibility Act (EAA). Our approach aligns with WCAG 2.2 Level AA standards and includes both manual and automated audits through Valantic, continuous monitoring, and annual reviews. This ensures tracking pages and returns portals are accessible to all users.