Compliance & Certifications
ApplyOCR maintains the highest standards of security and compliance to protect your data and meet regulatory requirements worldwide.
GDPR Compliant
Full compliance with the EU General Data Protection Regulation, ensuring robust data privacy protection for all users.
- Right to access your data
- Right to deletion (Right to be forgotten)
- Data portability
- Privacy by design
- Consent management
CCPA Compliant
Compliant with the California Consumer Privacy Act, providing California residents with enhanced privacy rights.
- Right to know what data we collect
- Right to delete personal information
- Right to opt-out of data sales (we don't sell data)
- Non-discrimination for exercising rights
ISO 27001 Aligned
Our infrastructure and processes are aligned with the ISO 27001 standard for information security management systems. Alignment means our controls are mapped to the standard's control set; it is not the same as holding a third-party ISO 27001 certificate.
- Risk assessment frameworks
- Security incident management
- Regular security audits
- Continuous improvement
Data Protection & Privacy
Data Handling Practices
Automatic Data Deletion
Uploaded document contents are deleted automatically as soon as processing completes. We do not retain your document data on our systems.
Encryption in Transit and at Rest
All data in transit is encrypted with TLS 1.3. Data at rest is encrypted at the infrastructure level by our cloud provider. This is transport and storage encryption, not end-to-end encryption: document contents are decrypted on our servers for the duration of OCR processing, which is why the automatic-deletion policy above matters.
Data Residency
Data is processed and stored in our cloud provider's data centers, which hold their own compliance certifications. Enterprise customers can request that processing be restricted to a specific geographic region.
Access Controls
Strict role-based access controls (RBAC) restrict system access to authorized personnel with a need to know. All access is logged and monitored.
Privacy Rights
All users have the following rights regarding their personal data:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Request corrections to inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation on how we process your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw consent for data processing at any time
To exercise any of these rights, please contact us at privacy@applyocr.com. We will respond within 30 days of receiving your request.
Industry-Specific Compliance
HIPAA (Healthcare)
For healthcare customers processing Protected Health Information (PHI), our technical infrastructure supports HIPAA-compliant configurations. HIPAA compliance is a shared responsibility: a signed BAA must be in place before any PHI is submitted to the service, and customers remain responsible for the safeguards on their own side.
- Business Associate Agreements (BAA) available upon request for Enterprise customers
- Zero data retention policy (documents immediately deleted after processing)
- Audit logging for all API access and processing
- Encrypted data transmission (TLS 1.3) and infrastructure-level encryption at rest (not end-to-end encryption; see Data Protection & Privacy above)
PCI DSS (Payment Processing)
We do not process or store payment card data ourselves. All payment processing is handled by a PCI DSS Level 1 compliant payment processor, which keeps our own systems out of PCI DSS scope for cardholder data.
- Stripe (PCI DSS Level 1 certified)
- Tokenized payment information
- No card data touches our servers; card details go directly to the processor and we handle only the resulting token
Compliance Support
Have questions about our compliance program or need additional documentation (for example, a BAA or a copy of our security controls)? Our compliance team is here to help.