# Security & Compliance

## Overview

> At parcelLab, security and compliance are built into everything we do. Our platform is independently audited, continuously monitored, and aligned with leading global standards to protect customer data, ensure regulatory readiness, and give enterprises confidence in the resilience of their digital operations.

parcelLab is **SOC 2 Type II** certified through audits by Prescient Assurance, confirming controls for security, availability, confidentiality, and processing integrity. We are also **HIPAA** compliant to protect health data, with letters of attestation available on request. To validate defenses, we conduct annual penetration tests on backend and frontend systems with Cognition Team, following **OWASP** standards.

Security doesn’t stop with yearly audits. We use continuous compliance monitoring tools to track access rights, asset inventories, and evidence collection every day. This gives customers assurance that controls are not only documented but actively enforced across our operations.

Our privacy program covers both **GDPR** and **CCPA**, led by our Data Protection Officer at ePrivacy GmbH. Data is encrypted in transit and at rest, and is limited by contractual controls to prevent unauthorized transfers. Employees receive mandated privacy training, and our practices are independently verified with the ePrivacy Seal.

parcelLab operates under a **Responsible AI framework** aligned with NIST AI RMF, ISO 42001, and the EU AI Act. Models are documented, validated for fairness and robustness, and overseen with human review where impact is high. Risks are tracked in a model risk register, and incidents follow the same strict security response timelines used for data protection.

We are compliant with the European Accessibility Act (EAA). Our tracking pages and returns portals are audited against **WCAG 2.2 Level AA**, supported by manual and automated testing through Valantic. Ongoing monitoring and annual reviews ensure accessible experiences for all users.

## Learn More

View the following topics for more in-depth information on security and compliance:

<table data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><i class="fa-shield-check">:shield-check:</i> <strong>Certifications &#x26; Attestations</strong></td><td>View our external audits and programs.</td><td><a href="security-compliance/certifications">certifications</a></td></tr><tr><td><i class="fa-arrow-right-to-bracket">:arrow-right-to-bracket:</i> <strong>Single Sign-On (SSO)</strong></td><td>See how you can implement SSO for the App.</td><td><a href="security-compliance/single-sign-on">single-sign-on</a></td></tr><tr><td><i class="fa-album-collection-circle-user">:album-collection-circle-user:</i> <strong>Data Retention Policy</strong></td><td>Learn about our data retention policy.</td><td><a href="security-compliance/data-retention-policy">data-retention-policy</a></td></tr><tr><td><i class="fa-tag">:tag:</i> <strong>White Label Policy</strong></td><td>Learn about how parcelLab maintains high email deliverability rates.</td><td><a href="security-compliance/white-label-policy">white-label-policy</a></td></tr><tr><td><i class="fa-user-shield">:user-shield:</i> <strong>Data Protection APIs</strong></td><td>Find out how you can request GDPR data removal and data provision via API.</td><td><a href="https://app.gitbook.com/s/m5MUhYrMmT0cei4QdxGn/security/data-protection">Data Protection</a></td></tr></tbody></table>
