Compliance Guides
Framework requirements explained by industry. What you actually need to do.
CCPA/CPRA
California Consumer Privacy Act / California Privacy Rights Act
California's privacy law gives residents the right to know what data companies collect about them, delete it, and opt out of having it sold. If you do business in California and are above certain size thresholds, you must comply. Unlike GDPR, CCPA focuses more on disclosure and opt-out rights than requiring consent upfront.
GDPR
General Data Protection Regulation
GDPR is Europe's strict privacy law, but it applies to you even if you're not in Europe—if any European uses your website or product, you must comply. You need permission to collect data, must tell people exactly what you do with it, and must delete it when asked. Fines can be up to 4% of global revenue.
HIPAA
Health Insurance Portability and Accountability Act
HIPAA is the law that protects your medical records. If your business touches patient health data in any way, you must follow strict rules about how you store, share, and protect that information. Breaking these rules can cost millions in fines.
NIST CSF
NIST Cybersecurity Framework
NIST CSF is a roadmap for cybersecurity that tells you what to protect and how. It's not a law, but many companies use it because it's practical and well-organized. The framework is organized around five functions: Identify, Protect, Detect, Respond, and Recover (plus Govern in version 2.0).
PCI DSS
Payment Card Industry Data Security Standard
If your business takes credit card payments, PCI DSS applies to you. It's a set of 12 security requirements that protect cardholder data. Failing to comply can result in fines of $5,000-$100,000 per month, and if you have a breach, you could lose the ability to accept credit cards entirely.
SOC 2
System and Organization Controls 2
SOC 2 is like a report card for how well your company protects customer data. If you're a SaaS or cloud company, your enterprise customers will ask for your SOC 2 report before doing business with you. An auditor checks your security controls and writes a report saying whether you passed.