Compliance & Certifications

VulcanCDN is committed to maintaining the highest standards of compliance and security. We are actively working towards industry-standard certifications and implementing best practices to protect your data and meet regulatory requirements.

Compliance Roadmap

Regional Data Protection

GDPR (European Union)

VulcanCDN is fully compliant with GDPR requirements, providing:

• Data processing agreements (DPA) for all customers
• Right to access, rectify, and delete personal data
• Data portability in standard formats
• Privacy by design and by default
• Breach notification within 72 hours
• EU data residency options
• Standard Contractual Clauses for data transfers

CCPA (California)

We comply with California Consumer Privacy Act requirements:

• Disclosure of data collection practices
• Right to know what data is collected
• Right to delete personal information
• Right to opt-out of data sales (we don't sell data)
• Non-discrimination for exercising privacy rights

Other Regional Compliance

• LGPD (Brazil General Data Protection Law)
• PIPEDA (Canada Personal Information Protection)
• Privacy Act (Australia)
• PDPA (Singapore Personal Data Protection Act)

Industry-Specific Compliance

HIPAA (Healthcare)

VulcanCDN offers HIPAA-compliant services for healthcare customers, including:

• Business Associate Agreements (BAA)
• Encrypted transmission and storage of PHI
• Access controls and audit logging
• Breach notification procedures
• Regular risk assessments

FedRAMP (Government)

We are working toward FedRAMP authorization to serve U.S. federal agencies, demonstrating our commitment to government-grade security standards.

Data Residency and Sovereignty

We understand the importance of data residency requirements. VulcanCDN offers:

• Geographic data storage options (EU, US, APAC)
• Control over where your data is processed
• Compliance with local data sovereignty laws
• Transparent data transfer mechanisms
• Option to restrict data to specific regions

Security & Compliance Program

Planned Audits

As part of our compliance roadmap, we plan to conduct:

• Annual SOC 2 Type II audits
• ISO 27001 surveillance audits
• PCI DSS quarterly scans and annual assessments
• Penetration testing by certified security firms
• Vulnerability assessments and remediation

Current Controls

• Quarterly internal security reviews
• Continuous compliance monitoring
• Policy and procedure updates
• Employee security training and awareness
• Vendor risk assessments

Compliance Documentation

As we achieve our compliance certifications, we will provide customers with documentation to support their own compliance efforts:

• SOC 2 Type II reports (under NDA, upon certification)
• ISO 27001 certificates (upon certification)
• Data Processing Agreements (DPA) - Available now
• Business Associate Agreements (BAA) - Available now
• Standard Contractual Clauses - Available now
• Security questionnaires and assessments - Available now
• Compliance attestations - Available now

Subprocessors

We maintain transparency about our subprocessors and CDN partners. A complete list is available in your account dashboard and includes:

• CDN provider details and locations
• Infrastructure and hosting partners
• Payment processors
• Analytics and monitoring services

We notify customers at least 30 days before adding new subprocessors and provide opt-out mechanisms where applicable.

Customer Responsibilities

While we maintain our compliance certifications, customers are responsible for:

• Ensuring content complies with applicable laws
• Obtaining necessary consents for data processing
• Properly configuring security settings
• Maintaining their own compliance requirements
• Conducting their own due diligence

Questions About Compliance?

Our compliance team is here to help answer your questions and provide documentation:

Email: compliance@vulcancdn.com
Documentation: Available in your account dashboard

For enterprise customers, we offer dedicated compliance support and custom agreements.