Compliance
Compliance certifications and regulatory information for soft.house.
Overview
soft.house is committed to meeting industry compliance standards. We are currently working towards the following certifications.
Data Handling
Data Residency
- Primary data stored in Supabase (US region)
- Edge caching via Cloudflare (global CDN)
- No PII stored at edge nodes
Data Retention
- Active account data: retained while account is active
- Deleted account data: purged within 30 days
- Payment records: retained per financial regulations
- Audit logs: retained for 12 months
GDPR
- Right to access: export your data via API
- Right to deletion: delete your account and all associated data
- Data portability: JSON export available
- Processing agreement: available on request
Planned Certifications
| Certification | Status | Target |
|---|---|---|
| SOC 2 Type I | Planned | Q2 2026 |
| SOC 2 Type II | Planned | Q4 2026 |
| GDPR | In progress | Q1 2026 |
| PCI DSS | Via Stripe | Active |
PCI DSS compliance is handled by Stripe. soft.house never stores, processes, or transmits cardholder data directly.
Questions
For compliance-related inquiries, contact compliance@soft.house.