Compliance & Security

Security & Privacy Alignment

Our platform architecture and operational practices are designed to align with industry-recognized security frameworks and privacy regulations.

SOC 2 Aligned

Controls aligned with SOC 2 Trust Services Criteria (Security, Availability, Confidentiality).

GDPR Aligned

Data processing aligned with GDPR principles, including lawful basis, data minimization, access, and deletion rights.

CPRA/CCPA Aligned

Privacy rights supported where applicable under California privacy regulations.

ADA / WCAG 2.1 AA Aligned

Accessibility implemented consistent with WCAG 2.1 AA guidelines for web content accessibility.

NIST CSF Aligned

Security architecture informed by the NIST Cybersecurity Framework for risk management and security controls.

PCI DSS Via Stripe

Payment processing handled through Stripe, which maintains PCI DSS Level 1 certification.

Data Security Measures

We implement multiple layers of security to protect your data:

Encryption in Transit: All data transmitted over HTTPS/TLS 1.2+
Encryption at Rest: Database and file storage encryption
Access Controls: Role-based access with principle of least privilege
Audit Logging: Comprehensive logging of security-relevant events
Two-Factor Authentication: Optional TOTP-based 2FA for accounts
Session Management: Secure session handling with automatic timeouts

Infrastructure

PRLX View is hosted on enterprise-grade cloud infrastructure with:

Managed PostgreSQL database with automated backups
Application hosting with automatic scaling and redundancy
Content delivery network (CDN) for static assets
DDoS protection and rate limiting
Regular security patches and updates

Privacy Practices

Our privacy practices include:

Clear disclosure of data collection and processing purposes
User rights to access, correct, and delete personal data
Data minimization—we only collect what's necessary
Cookie consent management
Regular privacy impact assessments

For full details, please review our Privacy Policy.

Important Notice PRLX View does not claim third-party certification unless independently audited. The compliance alignments listed above reflect our design principles and operational practices, not formal certifications unless otherwise stated.