Meet the standards you’re held to
Audited to SOC 2 Type II and ISO 27001, and engineered to support your GDPR and CCPA/CPRA obligations. Below, each standard is broken down requirement by requirement, showing exactly how the platform meets or supports it.
Certified where it’s a certification, built to support where it’s a law
SOC 2 and ISO 27001 are certifications we hold and re-earn under audit. GDPR and CCPA are laws — there is no “certificate,” so we give you the capabilities to meet each obligation. You stay the data controller; we’re the processor.
SOC 2 Type II
Certification held · independently audited over time
SOC 2 Type II is an independent auditor's report on whether our controls actually operated effectively across a period (not a single point in time), evaluated against the AICPA Trust Services Criteria. SocialHub.AI maintains a Type II attestation; the report is available under NDA.
Type II = tested over a monitoring window, re-earned each cycle. Report and bridge letter available to prospects/customers under NDA.
ISO 27001
Certification held · certified information-security management system
ISO/IEC 27001 certifies a working Information Security Management System (ISMS) — documented, risk-driven security controls that are audited on a recurring basis. SocialHub.AI is ISO 27001 certified for the platform.
Certification is scoped to the platform and re-audited on the ISO surveillance cycle.
GDPR
Regulation · built to support your obligations (you = controller, we = processor)
GDPR has no “certificate” — compliance is an ongoing obligation that depends on how you configure and use any platform. SocialHub.AI acts as your data processor and gives you the capabilities to meet the core articles. You remain the data controller.
These capabilities support your GDPR programme. They are not legal advice, and compliance depends on your configuration and use.
CCPA / CPRA
Regulation · built to support your obligations (we act as service provider)
The CCPA/CPRA grants California consumers specific rights and treats SocialHub.AI as your service provider — we process data only on your instructions. Here's how each consumer right is supported.
Supports your CCPA/CPRA obligations; not legal advice. Your configuration and disclosures remain your responsibility.
Security by design, not as an add-on
Encryption everywhere
AES-256 at rest, TLS 1.3 in transit, customer-managed keys available. PII is encrypted with blind-index lookup — usable without being exposed.
Access control & audit
RBAC, Azure AD SSO, multi-factor authentication, and an append-only audit trail of sensitive changes.
Data residency
Choose your region — Azure data centers in the US, EU and Asia-Pacific — so data stays where local regulation requires.
Tenant isolation
Each workspace's data is scoped to its own tenant; governed metric/profile access runs read-only against tenant-filtered views.
These capabilities support your compliance programme — they are not legal advice, and your compliance depends on how you configure and use the platform. For certification letters (SOC 2 report, ISO 27001 certificate, DPA) and our full security posture, see Trust & Security.