Compliance & Data Privacy

DataDome is proud to be SOC 2 Type 2 compliant. An independent auditor, Coalfire, has evaluated our product, infrastructure, and policies, and certifies that DataDome complies with their stringent requirements for Security, Confidentiality, and Availability trust service principles. A copy of DataDome's SOC 2 Type 2 report can be requested through your account manager.

DataDome’s data protection and security policy is compliant with current regulations for processing personal data: CCPA, EU & UK GDPR, HIPAA, PDPA, PIPL, and Swiss FADP. Also, DataDome will never sell any personal information. Explore our full privacy policy here.

CCPA

DataDome products, solutions, and programs are compliant with the California Consumer Privacy Act (CCPA), designed to enhance privacy rights and consumer protection for California residents.

EU & UK GDPR

DataDome products, solutions, and programs are compliant with the General Data Protection Regulation (GDPR), designed to harmonize data privacy laws across Europe to protect all EU citizens' data privacy.

HIPAA

DataDome products, solutions, and programs are compliant with the Health Insurance Portability and Accountability Act (HIPAA), a US federal law requiring national standards to protect sensitive patient health information.

PDPA

DataDome products, solutions, and programs are compliant with the Personal Data Protection Act (PDPA), the law on data protection in Singapore that governs the collection, use, disclosure, and care of personal data.

PIPL

DataDome products, solutions, and programs are compliant with China's Personal Identity Protection Law (PIPL), a law protecting citizens' right to opt out or give consent to sharing their information.

Swiss FADP

DataDome products, solutions, and programs are compliant with the Swiss Federal Act on Data Protection (FADP), rooted in the civil law protection of personality rights (or data privacy).

DataDome Safeguards End-User Privacy

Information contained in either the HTTP POST requests or response body IS NOT collected (e.g. name, email address, credentials, phone number, payment information, information provided when filling forms, details of transactions, etc.).

A complete list of details is publicly available here: docs.datadome.co/reference. The specified data is solely used for detection and security purposes and not shared with any third party.

Where is the data stored?

Data collected is stored using high-performing security standards, including Tier 3 data centers, HTTPS connections, OAuth2 authentication delegation, and encryption (TLS/IPsec VPN). The default retention period (30 days) can be decreased by DataDome customers through their dashboard or with help from the DataDome Success Team. All customer data is deleted within 15 days after the end of a contract.