# Security & Compliance

## Overview

> At parcelLab, security and compliance are built into everything we do. Our platform is independently audited, continuously monitored, and aligned with leading global standards to protect customer data, ensure regulatory readiness, and give enterprises confidence in the resilience of their digital operations.

parcelLab is **SOC 2 Type II** certified through audits by Prescient Assurance, confirming controls for security, availability, confidentiality, and processing integrity. We are also **HIPAA** compliant to protect health data, with letters of attestation available on request. To validate defenses, we conduct annual penetration tests on backend and frontend systems with Cognition Team, following **OWASP** standards.

Security doesn’t stop with yearly audits. We use continuous compliance monitoring tools to track access rights, asset inventories, and evidence collection every day. This gives customers assurance that controls are not only documented but actively enforced across our operations.

Our privacy program covers both **GDPR** and **CCPA**, led by our Data Protection Officer at ePrivacy GmbH. Data is encrypted in transit and at rest and limited by contractual controls to prevent unauthorized transfers. Employees receive mandated privacy training, and our practices are independently verified with the ePrivacy Seal.

parcelLab operates under a **Responsible AI framework** aligned with NIST AI RMF, ISO 42001, and the EU AI Act. Models are documented, validated for fairness and robustness, and overseen with human review where impact is high. Risks are tracked in a model risk register, and incidents follow the same strict security response timelines used for data protection.

We are compliant with the European Accessibility Act (EAA). Our tracking pages and returns portals are audited against **WCAG 2.2 Level AA**, supported by manual and automated testing through Valantic. Ongoing monitoring and annual reviews ensure accessible experiences for all users.

## Learn More

View the following topics for more in-depth information on security and compliance:

<table data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><i class="fa-shield-check">:shield-check:</i> <strong>Certifications &#x26; Attestations</strong></td><td>View our external audits and programs.</td><td><a href="security-compliance/certifications">certifications</a></td></tr><tr><td><i class="fa-arrow-right-to-bracket">:arrow-right-to-bracket:</i> <strong>Single Sign-On (SSO)</strong></td><td>See how you can implement SSO for the App.</td><td><a href="security-compliance/single-sign-on">single-sign-on</a></td></tr><tr><td><i class="fa-album-collection-circle-user">:album-collection-circle-user:</i> <strong>Data Retention Policy</strong></td><td>Learn about our data retention policy.</td><td><a href="security-compliance/data-retention-policy">data-retention-policy</a></td></tr><tr><td><i class="fa-tag">:tag:</i> <strong>White Label Policy</strong></td><td>Learn about how parcelLab maintains high email deliverability rates.</td><td><a href="security-compliance/white-label-policy">white-label-policy</a></td></tr><tr><td><i class="fa-user-shield">:user-shield:</i> <strong>Data Protection APIs</strong></td><td>Find out how you can request GDPR data removal and data provision via API.</td><td><a href="https://app.gitbook.com/s/m5MUhYrMmT0cei4QdxGn/security/data-protection">Data Protection</a></td></tr></tbody></table>


