Compliance & Security
Transparent documentation of our capabilities, limitations, and commitment to data protection
Important Disclaimer
DigiAuditAI is an AI-powered strategic assessment tool. Our reports are generated for informational and planning purposes only. This platform does NOT provide formal compliance certifications, legal advice, financial advice, or audit attestations. All recommendations should be verified with qualified professionals before implementation.
Compliance Framework Status
GDPR (EU)
General Data Protection Regulation
✓ What We Provide:
- Explicit consent collection mechanisms
- Right to access your data
- Right to data portability (JSON export)
- Right to erasure (deletion requests)
- Data processing transparency
- Secure data encryption in transit and at rest
⚠ Limitations:
- We are not a certified GDPR auditor
- Cannot certify your organization's GDPR compliance
- Our reports do not constitute DPIAs
SOC 2 Type II
Service Organization Control 2
✓ What We Provide:
- Security controls based on SOC 2 principles
- Access control and authentication
- Audit logging of system activities
- Encrypted data storage
- Availability and integrity measures
✗ Limitations:
- DigiAuditAI is NOT SOC 2 certified
- We cannot provide SOC 2 attestation
- Our assessments are not SOC 2 audits
ISO 27001
Information Security Management
✓ What We Provide:
- Information security management practices
- Risk-based security approach
- Access management controls
- Incident response procedures
- Business continuity considerations
✗ Limitations:
- DigiAuditAI is NOT ISO 27001 certified
- We cannot certify your ISMS
- Our reports are not ISO audit reports
CCPA (California)
California Consumer Privacy Act
✓ What We Provide:
- Right to know what data we collect
- Right to delete personal information
- Right to opt-out of data sales (we do not sell data)
- Non-discrimination for exercising rights
- Privacy notice at collection
⚠ Note:
- We do NOT sell personal information
- Third-party sharing requires explicit consent
Canadian Privacy Compliance
PIPEDA
Personal Information Protection and Electronic Documents Act
✓ We adhere to PIPEDA's 10 Fair Information Principles:
- Accountability for personal information
- Identifying purposes before collection
- Obtaining meaningful consent
- Limiting collection to what's necessary
- Limiting use, disclosure, and retention
- Ensuring accuracy of personal information
- Implementing security safeguards
- Being open about policies and practices
- Providing individual access to data
- Providing recourse for complaints
CASL
Canada's Anti-Spam Legislation
✓ CASL Compliance Measures:
- Explicit consent for commercial electronic messages
- Clear identification in all communications
- Unsubscribe mechanism in every email
- Physical mailing address included
- Consent records maintained
- Implied consent expiry tracking
Data Security Measures
Encryption
- TLS 1.3 for data in transit
- AES-256 encryption at rest
- Encrypted database connections
- Secure API endpoints
Infrastructure
- Cloud-hosted secure environment
- Regular security updates
- Automated backups
- Disaster recovery procedures
Access Control
- Role-based access control (RBAC)
- Multi-factor authentication available
- Session management
- Audit logging of access
Your Data Rights
Right to Access
Request a copy of all data we hold about you
Right to Portability
Export your data in machine-readable format (JSON)
Right to Erasure
Request deletion of your personal data
Right to Rectification
Correct inaccurate personal information
To exercise any of these rights, contact us at [email protected]
Contact Us
For privacy inquiries, data requests, or compliance questions
Legal Entity
Digi Cosmos
(A Division of Healthcart Inc.)
Canada
© 2026 Digi Cosmos (A Division of Healthcart Inc.). All rights reserved.
Last Updated: February 2026