Compliance

Compliance certifications and regulatory information for soft.house.

Overview

soft.house is committed to meeting industry compliance standards. We are currently working towards the following certifications.

Data Handling

Data Residency

  • Primary data stored in Supabase (US region)
  • Edge caching via Cloudflare (global CDN)
  • No PII stored at edge nodes

Data Retention

  • Active account data: retained while account is active
  • Deleted account data: purged within 30 days
  • Payment records: retained per financial regulations
  • Audit logs: retained for 12 months

GDPR

  • Right to access: export your data via API
  • Right to deletion: delete your account and all associated data
  • Data portability: JSON export available
  • Processing agreement: available on request

Planned Certifications

Certification    Status        Target
SOC 2 Type I     Planned       Q2 2026
SOC 2 Type II    Planned       Q4 2026
GDPR             In progress   Q1 2026
PCI DSS          Via Stripe    Active

PCI DSS compliance is handled by Stripe. soft.house never stores, processes, or transmits cardholder data directly.

Questions

For compliance-related inquiries, contact compliance@soft.house.