Compliance

We are currently undergoing the SOC 2 Type 1 certification process. SOC 2 (Service Organization Control 2) is a framework for managing data security, availability, processing integrity, confidentiality, and privacy.

What This Means:

• We are working with an independent auditor to assess our controls
• Our security, availability, and confidentiality controls are being evaluated
• We expect to complete certification in Q2 2026
• We will publish our SOC 2 Type 1 report upon completion

Status: In Process - Expected completion Q2 2026

We are committed to building our compliance program and aligning our practices with industry standards and regulatory requirements. Our compliance efforts focus on data protection, security, and privacy best practices.

Areas of Focus:

• Data protection and privacy regulations (GDPR, CCPA, PIPEDA)
• Security controls and best practices
• Industry-standard compliance frameworks
• Regulatory requirements in jurisdictions where we operate

We continuously work to improve our compliance posture and align with industry best practices.

We take a proactive approach to compliance, focusing on building strong security and privacy practices. Our compliance efforts are designed to protect customer data and meet regulatory requirements.

Our Approach Includes:

• Implementing security and privacy best practices
• Following industry-standard frameworks and guidelines
• Regular review and improvement of our processes
• Working toward formal certifications and assessments
• Maintaining transparency about our compliance status

We leverage enterprise-grade infrastructure and work with trusted service providers who maintain their own security certifications and compliance standards.

Infrastructure Security:

• AWS infrastructure with built-in security features
• Vercel platform security and compliance
• Trusted service providers with their own certifications
• Regular security updates and patches

Our infrastructure providers maintain industry certifications and compliance standards that help protect our platform and customer data.

We are aware of and work to align with applicable laws and regulations in the jurisdictions where we operate, including data protection, privacy, and industry-specific requirements.

Regulatory Areas:

• Data protection and privacy laws (GDPR, CCPA, PIPEDA)
• Industry-specific regulatory requirements
• E-commerce and business regulations
• International data transfer requirements

We continuously monitor regulatory developments and work to ensure our practices align with applicable requirements.

If you have questions about our compliance practices or would like to discuss compliance-related matters, please contact us.

Contact: compliance@toolswift.ca

We are committed to transparency about our compliance journey and will provide information about our certifications and assessments as they become available.