Compliance & Certifications

Our commitment to security, privacy, and regulatory compliance

Compliance Overview

YAVIQ is committed to maintaining high standards of security, privacy, and regulatory compliance. As an early-stage infrastructure SaaS company, we are transparent about our current compliance status and our roadmap for achieving additional certifications.

We understand that enterprise customers require compliance with various standards. We work closely with customers to meet their specific compliance needs while being honest about our current status.

What We Currently Have

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) for our European users:

  • Right to access, rectify, and delete personal data
  • Data portability
  • Privacy by design and default
  • Data breach notification procedures
  • Data Processing Agreements (DPAs) available upon request

Data Protection

We implement industry-standard data protection measures:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest
  • Access controls and authentication
  • Regular security assessments
  • Minimal data collection and retention

Transparent Policies

We maintain clear, accessible policies:

  • Privacy Policy (regularly updated)
  • Terms of Service
  • Security documentation
  • Data Processing Agreements

In Progress

SOC 2 Type II

We are currently undergoing SOC 2 Type II certification. This process includes:

  • Security controls assessment
  • Availability monitoring
  • Processing integrity
  • Confidentiality safeguards
  • Privacy controls

Expected completion: Q2 2025 (subject to audit timeline)

ISO 27001

We are evaluating ISO 27001 certification for information security management. This is a longer-term goal as we scale our operations.

What We Do NOT Currently Have

HIPAA Compliance

We are not currently HIPAA-compliant. If you require HIPAA compliance for healthcare data processing, please contact us to discuss:

  • Custom deployment options
  • Business Associate Agreements (BAAs)
  • Private cloud or on-premises solutions

PCI DSS

We do not process payment card data directly. Payment processing is handled by third-party providers (Razorpay, etc.) who maintain PCI DSS compliance.

FedRAMP

We do not currently have FedRAMP authorization. This is typically required for U.S. government contracts.

Enterprise Compliance Options

For enterprise customers with specific compliance requirements, we offer:

  • Custom Data Processing Agreements (DPAs): Tailored agreements that meet your specific compliance needs
  • Private Cloud Deployment: Deploy YAVIQ in your own infrastructure or compliant cloud environment
  • VPC Peering: Connect YAVIQ to your private network
  • On-Premises Deployment: Full control over data residency and compliance
  • Enhanced Logging & Audit Trails: Comprehensive logging for compliance requirements
  • Dedicated Support: Compliance-focused support and documentation

Contact us at compliance@yaviq.com to discuss your specific compliance needs.

Data Residency & Sovereignty

We understand that some customers require data to remain in specific geographic regions. We offer:

  • Region Selection: Choose where your data is processed (subject to infrastructure availability)
  • Private Cloud: Deploy in your preferred region or cloud provider
  • Data Export: Export your data at any time in standard formats
  • No Cross-Border Transfer: Option to restrict data processing to specific regions

Note: By default, our services may process data in multiple regions for redundancy and performance. Contact us to discuss region-specific requirements.

Compliance Documentation

We provide the following compliance documentation:

  • Privacy Policy
  • Terms of Service
  • Data Processing Agreement (DPA) template
  • Security documentation
  • Subprocessor list
  • Incident response procedures

Enterprise customers can request:

  • Custom DPAs
  • Security questionnaires
  • Compliance attestations
  • Third-party audit reports (when available)

Contact compliance@yaviq.com to request specific documentation.

Compliance Contact

For compliance-related inquiries:

Compliance Questions: compliance@yaviq.com

Security & Privacy: security@yaviq.com

General Support: hello@yaviq.com

Company: YAVIQ LAB PVT LTD
Jurisdiction: India (Maharashtra)