CTD meets or exceeds standard enterprise compliance requirements. Here's what we're certified for and how we handle specific regulatory frameworks.
SOC 2 Type II
CTD is independently audited against the SOC 2 Type II standard, covering the Trust Services Criteria for Security, Availability, and Confidentiality. Audits are conducted annually by a third-party auditor.
Unlike SOC 2 Type I (which certifies that controls exist at a point in time), Type II certification verifies that those controls operated effectively over a sustained period. Enterprise customers can request our SOC 2 report by contacting security@ctd.ai.
GDPR
CTD complies with the General Data Protection Regulation (GDPR) for users in the EU and EEA. Your rights under GDPR include:
- Right to access — you can request a full export of your personal data at any time
- Right to correction — you can update or correct your personal information
- Right to deletion — you can permanently delete your account and all associated data
- Right to portability — your data can be exported in a machine-readable format
CCPA
CTD complies with the California Consumer Privacy Act (CCPA) for California residents. We honor all CCPA rights, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information (we do not sell personal data).
You can submit a CCPA request via our CCPA request form.
Enterprise security reviews
We regularly answer security questionnaires for enterprise customers. Our team is happy to:
- Share our SOC 2 report under NDA
- Complete your organization's security questionnaire
- Walk through our architecture and controls on a call
- Provide penetration test summaries
Contact security@ctd.ai to start the process. We typically turn around questionnaires within 5 business days.