Compliance

Compliance built into every layer

TerraBog is designed to meet the compliance requirements of the world's most regulated industries. From SOC 2 Type II to GDPR and HIPAA, we've done the work so you don't have to start from scratch.

Certifications & Frameworks

Our compliance posture

TerraBog actively maintains certifications across all major enterprise compliance frameworks.

Certified

SOC 2 Type II

Trust Services Criteria

Annual audit by an independent CPA firm covering the Security, Availability, Confidentiality, Processing Integrity, and Privacy trust services criteria. Full report available to Enterprise customers under NDA.

Last audit

Q4 2025

Next review

Q4 2026

Compliant

GDPR

EU General Data Protection Regulation

Full compliance with GDPR for processing personal data of EU data subjects. Standard Contractual Clauses available for data transfers. DPO appointed. Article 30 records maintained.

Last audit

Ongoing

Next review

Continuous

Q2 2026

ISO 27001

Information Security Management

TerraBog's information security management system is aligned with ISO 27001 requirements. Certification audit in progress, expected completion Q2 2026.

Last audit

Gap assessment Q1 2026

Next review

Certification Q2 2026

BAA

HIPAA

Health Insurance Portability and Accountability Act

TerraBog signs Business Associate Agreements (BAA) for Enterprise customers processing Protected Health Information (PHI). HIPAA-compliant infrastructure available in dedicated regions.

Last audit

Ongoing

Next review

Annual review

Compliant

CCPA / CPRA

California Consumer Privacy Act

Full compliance with CCPA and CPRA requirements for California residents. TerraBog does not sell personal information. Data subject request workflow available to all customers.

Last audit

Ongoing

Next review

Continuous

SAQ-A

PCI DSS

Payment Card Industry Data Security Standard

TerraBog does not store, process, or transmit cardholder data. Payment processing is handled exclusively by Stripe (PCI DSS Level 1 certified). SAQ-A applicable.

Last audit

Annual

Next review

Q1 2027

Security controls

Technical and organizational measures

The controls TerraBog maintains across encryption, access, monitoring, and data governance.

Encryption

AES-256-GCM at rest
TLS 1.3+ in transit
End-to-end for export
AWS KMS key management

Access Control

Role-based access control
MFA enforcement
SSO / SAML 2.0
Just-in-time provisioning

Monitoring

24/7 SOC operations
Real-time anomaly detection
SIEM integration
Automated threat response

Audit & Logging

Append-only audit logs
12-month default retention
SIEM export (Enterprise)
Tamper-evident records

Data Residency

US (default)
EU (Frankfurt)
APAC (Singapore)
Custom regions (Enterprise)

Vulnerability Mgmt

Annual pen testing
CVSS-based prioritization
30-day P1 remediation
Coordinated disclosure

For Enterprise

Compliance package for enterprise procurement

Enterprise customers can request a compliance kit including the SOC 2 Type II report (under NDA), penetration testing summaries, our DPA, and a completed security questionnaire.

SOC 2 Type II report (under NDA)
Annual pen test summary
Executed DPA
Completed security questionnaire
Sub-processor list
GDPR transfer impact assessment

Compliance contacts

Reach the right team

Security & SOC 2 questions

security@terrabog.com

Privacy & GDPR requests

privacy@terrabog.com

Legal & DPA execution

legal@terrabog.com

HIPAA & BAA requests

hipaa@terrabog.com

General compliance inquiries

compliance@terrabog.com

Ready to complete your security review?

Our security team responds to enterprise compliance requests within 2 business days.