Data Security & Privacy Policies
Maintaining the security of our services and managing the privacy concerns of our customers are our top priorities. We understand that the data we process for you is important and needs to be protected.
Privacy & Security Features
Accredible's robust security policies ensure your data is protected
We have contractual agreements in place with every supplier ensuring that they can't pass on your data and that they secure your data to a high standard.
EU Model Clauses
We have a bespoke, carefully crafted data privacy agreement which includes the EU model clauses to give you and your customers peace of mind.
Secure Data Storage
Our data is stored at a secure tier 3 SOC 2-certified data center.
Identity & Access Control
Accredible employs a role-based access control framework that ensures data is only provided to employees where their job responsibilities require it.
We have frequent, automated penetration testing and vulnerability scanning in place.
Accredible’s data privacy controls, software, infrastructure, and systems are audited both internally and independently (externally) on an annual basis.
We've worked hard to ensure that we're ready for the EU General Data Protection Regulation (GDPR).
What is GDPR?
On May 25, 2018, the General Data Protection Regulation (GDPR) took effect. For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. For companies that process the personal data of these European individuals, GDPR requires compliance with a new set of regulations.
GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that European individuals can exercise with these companies. Further information on GDPR is available on the European Union’s official website.
We offer a Data Processing Agreement (DPA) that you can opt into. DPAs include standard contractual clauses ("Model Clauses") that are the mechanism for GDPR-compliant data transfer. The DPA includes all the information on what Accredible does with your data, who has access to it, and who it is shared with.
To satisfy the data portability requirements for GDPR, you can easily export data from your account, and submit a request to remove data at any time.
Our agreements clearly state that we're not able to share your data with any third party that's not bound by our data privacy agreement. We've formed contractual relationships with all of our suppliers that do things like host our databases (Amazon Web Services) or provide data backup hosting (Google Cloud) to ensure full legal and process protection for your data in accordance with EU privacy law.
Credential Recipients' Data Rights
Credential recipients can retrieve a copy of all the data that Accredible holds on them and can submit a request to have it completely removed from Accredible's records. You will be notified if a recipient has requested to be forgotten.
Data Security & Privacy White Paper
Accredible has prepared a whitepaper that outlines our commitment to data privacy and answers the most common security and data protection questions.
The whitepaper describes how Accredible is compliant with the Data Protection Directive - Directive 95/64/EC.
World Class Infrastructure
Accredible is Hosted on the Best Infrastructure Available. It Has the Following Certifications, Laws, and Regulations:
Certifications / Attestations
- DoD SRG
- MLPS Level 3
- PCI DSS Level 1
- SEC Rule 17-a-4(f)
- SOC 1
- SOC 2
- SOC 3
- UK Cyber Essentials Plus
Laws / Regulations / Privacy
- DNB [Netherlands]
- EU Model Clauses
- IRS 1075
- My Number Act [Japan]
- U.K. DPA - 1988
- VPAT / Section 508
- EU Data Protection Directive
- Privacy Act [Australia]
- Privacy Act [New Zealand]
- PDPA 2010 [Malaysia]
- PDPA 2012 [Singapore]
- Spanish DPA Authorization