Ironclads’s GDPR compliance program includes Standard Contractual Clauses in conjunction with its Data Processing Addendum. We also comply with US HIPAA to keep PII and PHI data safe. 

Links to our Privacy Policy, Terms of Service, Data Processing Addendum, CA Privacy notice, and Cookie Policy can be found at https://legal.ironcladapp.com.

Routine audits to receive a certified 3rd party SOC 1 & SOC 2 Type II report. We certify against multiple Trust Categories which include security, availability, confidentiality, and privacy.

Ironclad leverages public cloud providers for all data center operations. All of our public cloud vendors are certified under SOC 2, ISO 27001, PCI DSS, and FedRAMP. We leverage multiple data center regions from our providers to provide the most reliable and security services while providing the necessary data residency requirements.

Ironclad is a member of the Cloud Security Alliance (CSA), which strives to make security in the cloud better for all SaaS products and services. Our security team participates in monthly and annual security calls with the CSA to help with industry best practices and guidance towards a more secure cloud environment for all customers.

We offer a public Consensus Assessments Initiative Questionnaire (CAIQ) which is downloadable via the CSA website.

In the event of a disaster, Ironclad maintains a Disaster Recovery Program to ensure all services are recoverable from multiple scenarios. All disaster recovery procedures are tested on a semi-annual basis and we update our Business Continuity Planning (BCP) documentation annually to adapt to any changes within our products or business processes. 

Ironclad strives to maintain all contractual objectives for Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).