Automate schema migrations using DizzleORM and GitHub Actions - Manage thousands of tenants with this workflow
Docs/Platform/Compliance

Compliance

At Neon, we prioritize data security and privacy, and we have achieved several key compliances that validate our efforts. We have completed audits for SOC 2 Type 1 and Type 2, SOC 3, ISO 27001, and ISO 27701, and we adhere to GDPR and CCPA regulations.

SOC 2

We have successfully attained SOC 2 Type 1 and Type 2 compliance. These compliances, validated by independent auditors, confirm that our systems adhere to the American Institute of Certified Public Accountants (AICPA) trust service criteria for security, availability, processing integrity, confidentiality, and privacy.

SOC 3

The SOC 3 report is a public-facing version of the SOC 2 report, providing assurance to external parties about our system's ability to meet the trust service criteria without disclosing sensitive details. Neon Business plan users can request this audit report through our Trust Center.

ISO 27001

ISO 27001 is an internationally recognized standard for information security management systems (ISMS). Our compliance with this standard demonstrates that we follow a systematic and risk-based approach to managing sensitive information, ensuring its security.

ISO 27701

ISO 27701 extends ISO 27001 to include data privacy requirements, helping organizations establish, implement, and maintain a privacy information management system (PIMS) in accordance with GDPR and other privacy laws.

GDPR

The General Data Protection Regulation (GDPR) is the European Union's regulation designed to protect individuals' privacy and personal data. Neon adheres to GDPR requirements, ensuring the rights and data privacy of our users across the EU.

CCPA

The California Consumer Privacy Act (CCPA) grants California residents new rights regarding their personal data. Neon is committed to complying with CCPA, ensuring transparency and control for users over their personal information.

HIPAA

Neon is not yet HIPAA compliant. However, we are actively working towards achieving HIPAA readiness, with a target completion by the end of Q2 2025. Once compliant, we will be able to support applications that require HIPAA compliance, including those that process Protected Health Information (PHI).

Questions?

To learn more about how we protect your data and uphold the highest standards of security and privacy, please visit our Trust Center, where you can also request and download audit reports.

Last updated on

Was this page helpful?