Security & Compliance
Enterprise-grade protection for every trading partner
Datasync is built with layered defenses, rigorous audits, and transparency at every step.
From SOC 2 Type II to HIPAA, we provide the evidence security teams require—plus the tooling operators need to sleep at night.
Certifications & audits
SOC 2 Type II
Independently audited annually with continuous monitoring.
HIPAA
Business associate agreements and PHI safeguards available.
GDPR
EU data residency, SCCs, and DPA on request.
Defense-in-depth layers
Secure connectivity
Mutual TLS for AS2, managed SSH keys for SFTP, IP allow lists, and optional hardware VPN tunnels.
Data protection
AES-256 encryption at rest, TLS 1.2+ in transit, field-level masking, and bring-your-own KMS options.
Access governance
SCIM/SSO, role-based access controls, audit trails, and just-in-time privileged access.
Operational resilience
Active-active regions, automated failover, proactive monitoring, and chaos testing.
Controls we operate daily
Continuous monitoring
Automated alerting, log aggregation, and anomaly detection piped into our SOC and your SIEM.
Change management
Peer-reviewed changes, automated tests, and rollbacks with complete audit history.
Incident response
24/7 security desk with documented playbooks and customer notifications within SLA.
Vendor management
Risk reviews, least-privilege policies, and annual assessments for every subprocessor.
Trust milestones
SOC 2 Type II achieved 2020, recertified annually
Completed without exceptions thanks to continuous control monitoring.
HIPAA attestation 2021
Independent evaluators validated Datasync’s controls for PHI.
Zero critical security incidents to date
We publish a public changelog for every security fix.
Need to involve your security team?
We’ll share pen tests and policies, and meet with your stakeholders.