COMPLIANCE AND CERTIFICATIONS

As a security-focused company, complying with industry and regulatory standards while conforming to leading security benchmarks is one of Shape’s primary drivers to continuously improve our security posture. Shape undertakes periodic audits and globally recognized certification assessments to validate the effectiveness and security of our organizational practices, technical solutions, and defenses against potential attackers.

Compliance

Shape continuously monitors the industry for regulatory developments and changes that may impact our organization and services. This allows us to proactively plan for upcoming compliance requirements and take the appropriate steps to ensure our adherence to these requirements. One of these many steps is undergoing stringent readiness assessments to qualify our services against these standards.

GDPR

Shape is committed to offering services that are compliant with the E.U. General Data Protection Regulation (“GDPR”). Data that a customer or its users send to us is only processed in accordance with the customer’s instructions and our GDPR-updated data processing agreements.

Certifications

Certification against leading industry standards provides Shape, as well as our customers, assurance that our established service offerings align with the increasingly complex and evolving benchmarks for security and deliver the security efficacy required for withstanding today’s threat landscape.

PCI DSS 3.2.1

Our services securely handle sensitive financial and customer data and are annually assessed against the PCI Data Security Standard by a Qualified Security Assessor. Shape has met all the requirements of the most recent standard version, 3.2.1, and is fully compliant as a Level 1 Service Provider.

SOC 2 Type II

On an annual basis, Shape undergoes a diligent evaluation of our services against the AICPA Trust Services Criteria by an external professional services firm. Our SOC 2 Type II report details our security, confidentiality, and availability controls protecting customer data and is available upon request.