Compliance your team can trust.

Yes. Basedash is SOC 2 Type II certified, audited annually against the security, availability, and confidentiality trust services criteria, with continuous monitoring between audits. The current SOC 2 report is available to qualified prospects and customers under NDA.

Basedash supports HIPAA workflows for protected health information (PHI) with strict access boundaries, and a business associate agreement (BAA) is available on eligible plans. Healthcare teams commonly run Basedash in a private VPC or self-hosted deployment for additional control.

Yes. Basedash supports GDPR and CCPA obligations, including data subject access and deletion rights. A data processing addendum (DPA) with standard contractual clauses (SCCs) is available for international data transfers, and regional data residency or self-hosting options support data localization requirements.

Basedash aligns its controls with ISO 27001 so it maps cleanly onto enterprise information security management programs. Reach out for current details on certification status and how Basedash fits your ISO 27001 requirements.

Enterprise prospects and customers can request the latest SOC 2 Type II report, penetration test summary, and other security documentation under NDA. Contact sales or your account team and we will share the current package for your security review.

Yes. Basedash supports enterprise procurement workflows, including completing security questionnaires (SIG, CAIQ, and custom), signing a DPA and master service agreement, and participating in legal and stakeholder review cycles. We help move evaluations through security, legal, and procurement efficiently.

Customer data is hosted in supported cloud regions, or fully inside your own infrastructure with a self-hosted or VPC deployment. A current sub-processor list is available with advance notice of material changes, and a data processing addendum governs how data is handled.