Compliance

VelSight maintains compliance with industry standards and regulatory requirements to ensure your data is handled responsibly.

Note: This is a placeholder page. Compliance documentation should be reviewed by legal counsel and your compliance team.

GDPR

General Data Protection Regulation compliance for EU data subjects, including data rights and privacy protections.

HIPAA

Health Insurance Portability and Accountability Act compliance for protected health information (if applicable).

SOC 2

SOC 2 Type II compliance (in progress) demonstrating security, availability, and confidentiality controls.

CCPA

California Consumer Privacy Act compliance providing California residents with data rights.

Regulatory Compliance

GDPR (General Data Protection Regulation)

For users in the European Union, we provide:

  • Right to access personal data
  • Right to data portability
  • Right to erasure ("right to be forgotten")
  • Right to rectification
  • Data Processing Agreements (DPA) available
  • EU-US data transfer mechanisms
  • Data protection impact assessments

HIPAA (Health Insurance Portability and Accountability Act)

[If handling PHI] We provide:

  • Business Associate Agreements (BAA)
  • Protected Health Information (PHI) safeguards
  • Access controls and audit trails
  • Encryption of PHI at rest and in transit
  • Regular risk assessments
  • Breach notification procedures

CCPA (California Consumer Privacy Act)

California residents have the right to:

  • Know what personal information is collected
  • Know if personal information is sold or disclosed
  • Opt out of the sale of personal information
  • Access their personal information
  • Request deletion of personal information
  • Not be discriminated against for exercising CCPA rights

Industry Standards

SOC 2 Type II

[Status: In Progress/Planned/Completed]
We follow the Trust Services Criteria for:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

ISO 27001

[Status: Planned]
Information Security Management System certification demonstrating a systematic approach to managing sensitive information.

Data Governance

  • Clear data classification and handling procedures
  • Data retention and deletion policies
  • Regular compliance audits
  • Third-party security assessments
  • Vendor risk management program

Research Data Compliance

We support compliance with research-specific regulations:

  • IRB (Institutional Review Board) requirements
  • 21 CFR Part 11 for electronic records and signatures (if applicable)
  • NIH and NSF data sharing requirements
  • Good Clinical Practice (GCP) guidelines

International Compliance

  • Data residency options for different regions
  • Compliance with local data protection laws
  • International data transfer mechanisms

Audit Reports

Upon request and with appropriate NDAs, we can provide:

  • SOC 2 reports (when available)
  • Penetration test summaries
  • Security questionnaire responses
  • Compliance documentation

Questions?

For compliance-related questions or to request compliance documentation, please contact:
Email: [compliance@velsight.com]
Address: [Your Company Address]