Compliance & Certifications

Meeting the highest standards for data protection and regulatory compliance

GDPR - General Data Protection Regulation

Status: Fully Compliant

Echosphere complies with the European Union's General Data Protection Regulation (GDPR) for all users worldwide. We uphold the highest standards of data protection regardless of your location.

Your GDPR Rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Export your data in machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw previously given consent at any time

Our GDPR Commitments:

  • Data Processing Agreements (DPAs) available for all store owners
  • Data breach notification within 72 hours
  • Privacy by Design and by Default
  • Regular Data Protection Impact Assessments (DPIAs)
  • EU-based data storage options available

Contact our DPO: dpo@nodes.ink

CCPA - California Consumer Privacy Act

Status: Fully Compliant

We comply with the California Consumer Privacy Act and provide California residents with specific privacy rights.

California Consumer Rights:

  • Right to Know: What personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: Equal service regardless of privacy choices

Our CCPA Practices:

  • We do NOT sell personal information
  • Transparent data collection and use disclosures
  • Free exercise of CCPA rights
  • Respond to verified requests within 45 days

PCI DSS - Payment Card Industry Data Security Standard

Status: PCI DSS Level 1 Compliant (via certified payment processors)

We never store credit card numbers on our servers. All payment processing is handled by PCI DSS Level 1 certified providers:

  • Stripe: PCI DSS Level 1 Service Provider
  • PayPal: PCI DSS Level 1 Service Provider
  • Square: PCI DSS Level 1 Service Provider

Payment Security Measures:

  • Payment tokenization - no card numbers stored
  • TLS 1.3 encryption for all payment transactions
  • Secure payment form iframes
  • Regular security assessments and audits
  • Network segmentation and firewall protection

SOC 2 Type II Certification

Status: SOC 2 Type II Certified

Our infrastructure providers are SOC 2 Type II certified, ensuring the highest standards for security, availability, processing integrity, confidentiality, and privacy.

Trust Service Criteria:

  • Security: Protection against unauthorized access
  • Availability: 99.9% uptime SLA
  • Processing Integrity: Complete and accurate processing
  • Confidentiality: Protection of confidential information
  • Privacy: Personal information collected, used, retained, and disclosed properly

SOC 2 reports available upon request for enterprise customers.

ISO 27001 Information Security Management

Status: Aligned with ISO 27001 Standards

Our security practices align with ISO 27001 international standards for information security management systems (ISMS).

  • Risk assessment and treatment processes
  • Information security policies and procedures
  • Security awareness training for all staff
  • Incident management procedures
  • Regular security audits and reviews
  • Business continuity and disaster recovery planning

PIPEDA - Personal Information Protection and Electronic Documents Act

Status: Fully Compliant

As a Canadian-based platform, we comply with Canada's federal privacy law for private-sector organizations.

PIPEDA Principles:

  • Accountability for personal information
  • Identifying purposes for data collection
  • Obtaining consent for collection, use, or disclosure
  • Limiting collection to necessary purposes
  • Limiting use, disclosure, and retention
  • Ensuring accuracy of personal information
  • Safeguarding personal information with appropriate security
  • Openness about policies and practices
  • Individual access to their personal information
  • Ability to challenge compliance

Data Residency & Sovereignty

Primary Data Center: Canada

Backup Locations: Geo-redundant across multiple Canadian regions

Data Location Options:

  • Default: Canadian data centers with Canadian data protection laws
  • Enterprise customers can request specific geographic data storage
  • EU data residency available for GDPR compliance
  • Cross-border transfers protected with Standard Contractual Clauses (SCCs)

Accessibility Compliance

Status: WCAG 2.1 Level AA Compliant

We are committed to making our platform accessible to all users, including those with disabilities.

  • WCAG 2.1 Level AA compliance for platform interface
  • Keyboard navigation support
  • Screen reader compatibility
  • Alternative text for images
  • Color contrast ratios meet accessibility standards
  • Accessible form labels and error messages

Questions About Compliance?

Our compliance team is here to help with any questions about our regulatory adherence, certifications, or to provide compliance documentation.

Compliance team: compliance@nodes.ink

Data Protection Officer: dpo@nodes.ink