Compliance & Certifications

Last Updated: January 7, 2026

Passwall is committed to meeting the highest standards for security, privacy, and compliance. We follow industry best practices and are working towards formal certifications to ensure your data is protected.

1. GDPR Compliance

Passwall complies with the General Data Protection Regulation (GDPR) for all users, regardless of location.

Key GDPR Principles We Follow:

  • Data Minimization: We collect only what's necessary to provide our service
  • Purpose Limitation: Data used only for stated purposes
  • Storage Limitation: Data retained only as long as necessary
  • Security: Appropriate technical and organizational measures
  • Accountability: Documented compliance and regular audits

Your GDPR Rights:

  • Right to Access: Request a copy of your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Delete your account and data
  • Right to Data Portability: Export in machine-readable format
  • Right to Object: Opt-out of certain processing
  • Right to Lodge Complaint: File complaint with supervisory authority

Data Protection Officer: dpo@passwall.io

2. Security Framework

Passwall follows industry-recognized security frameworks to ensure comprehensive protection:

Security Principles:

  • Security: Protection against unauthorized access through encryption and access controls
  • Availability: System accessible for operation and use with high uptime
  • Confidentiality: Zero-knowledge architecture ensures data confidentiality

3. Information Security Management

We implement comprehensive information security practices:

Key Areas:

  • Information Security Policy: Documented and enforced
  • Risk Assessment: Regular identification and mitigation
  • Asset Management: Inventory and protection
  • Access Control: Role-based and regularly reviewed
  • Cryptography: Strong encryption for all sensitive data
  • Operations Security: Secure development lifecycle
  • Incident Management: Detection, response, and recovery
  • Business Continuity: Disaster recovery planning

4. Industry Standards

4.1 OWASP Compliance

We follow OWASP (Open Web Application Security Project) guidelines:

  • OWASP Top 10 protection (injection, XSS, etc.)
  • Password Storage Cheat Sheet compliance
  • Cryptographic Storage Cheat Sheet
  • Authentication Cheat Sheet

4.2 NIST Framework

We align with NIST Cybersecurity Framework:

  • Identify: Asset and risk management
  • Protect: Access control and data security
  • Detect: Anomaly and event detection
  • Respond: Incident response procedures
  • Recover: Disaster recovery and continuity

4.3 PCI DSS (If Applicable)

While Passwall doesn't directly handle credit cards (Stripe does), we follow PCI DSS principles for data protection.

5. Privacy Regulations

5.1 GDPR (Europe)

  • Legal basis for processing: Legitimate interest and consent
  • Data Protection Impact Assessment (DPIA) completed
  • EU representative appointed

5.2 CCPA (California)

  • California residents have additional rights
  • Do Not Sell My Personal Information honored
  • Annual disclosure of data practices

5.3 Other Jurisdictions

We comply with privacy laws in all jurisdictions where we operate.

6. Industry-Specific Requirements

6.1 Healthcare

For healthcare organizations with specific requirements:

  • Enhanced security controls available
  • Audit logs and access tracking
  • Data residency options

6.2 Financial Services

  • Enhanced due diligence processes
  • Comprehensive audit trail and reporting
  • Additional security measures available

7. Security Documentation

Enterprise customers can request:

  • Security architecture documentation
  • Encryption specifications
  • Security questionnaires (answered)
  • Data processing agreements

Contact compliance@passwall.io to request these documents (NDA may be required).

8. Contact Compliance Team
