Shape continuously monitors the industry for regulatory developments and changes that may impact our organization and services. This allows us to proactively plan for upcoming compliance requirements and take the appropriate steps to ensure our adherence to these requirements. One of these many steps is undergoing stringent readiness assessments to qualify our services against these standards.
Shape is committed to offering services that are compliant with the E.U. General Data Protection Regulation (“GDPR”). Data that a customer or its users send to us is only processed in accordance with the customer’s instructions and our GDPR-updated data processing agreements.
The following products are GDPR compliant: Shape Enterprise Defense, DeviceID+, Shape AI Fraud Engine ("SAFE"), and Shape Recognize.
Certification against leading industry standards provide Shape as well as our customers’ assurance that our established service offerings align with the increasingly complex and evolving benchmarks for security, and deliver the security efficacy required for withstanding todays threat landscape.
Our services securely handle sensitive financial and customer data and are annually assessed against the PCI Data Security Standard by a Qualified Security Assessor. Shape has met all the requirements of the most recent standard version, 3.2.1 and is fully compliant as a Level 1 Service Provider.
On an annual basis, Shape undergoes a diligent evaluation of our services against the AICPA Trust Services Criteria by an external professional services firm. Our SOC 2 Type II report details our security, confidentiality, and availability controls protecting customer data and is available upon request.