Compliance

Circuit KYC maintains compliance with major regulatory frameworks to help you meet your compliance obligations.

Certifications & Standards

SOC 2 Type II

Circuit KYC is SOC 2 Type II certified, demonstrating our commitment to:

  • Security - Protection against unauthorized access
  • Availability - System uptime and reliability
  • Confidentiality - Data protection measures
  • Processing Integrity - Accurate data processing

Request our SOC 2 report: compliance@circuitkyc.com

PCI DSS Level 1

For payment card data handling:

  • Annual third-party audit
  • Quarterly vulnerability scans
  • Secure payment processing via Stripe

ISO 27001 (In Progress)

Information security management system certification expected Q2 2025.

Regulatory Compliance

GDPR (EU)

We comply with the General Data Protection Regulation:

| GDPR Right | How We Support It |
|---|---|
| Right to Access | Data export API |
| Right to Erasure | Data deletion API |
| Right to Rectification | Update endpoints |
| Right to Portability | JSON/CSV export |
| Right to Object | Opt-out mechanisms |

Data Processing Agreement (DPA): Available for all customers. Contact legal@circuitkyc.com.

CCPA (California)

California Consumer Privacy Act compliance:

  • Clear privacy notices
  • Opt-out of data sales (we don't sell data)
  • Data deletion on request
  • Non-discrimination for exercising rights

AML/KYC Regulations

Circuit KYC helps you meet Anti-Money Laundering requirements:

  • Bank Secrecy Act (BSA) - Identity verification
  • USA PATRIOT Act - Customer identification
  • FinCEN - Suspicious activity monitoring
  • FATF - International AML standards

Industry-Specific

| Industry | Regulations | Support |
|---|---|---|
| Banking | OCC, FDIC, Federal Reserve | Full |
| Fintech | State Money Transmitter Laws | Full |
| Crypto | FinCEN, State Licenses | Full |
| Healthcare | HIPAA | BAA Available |
| Gaming | State Gaming Commissions | Partial |

Data Residency

Current Regions

| Region | Data Center |
|---|---|
| United States | AWS us-east-1 (Virginia) |

Coming Soon

  • European Union (eu-west-1)
  • United Kingdom (eu-west-2)
  • Asia Pacific (ap-southeast-1)

Enterprise customers can request specific data residency requirements.

Audit & Reporting

Audit Logs

Comprehensive audit logging for compliance:

{
  "event_id": "evt_abc123",
  "timestamp": "2024-01-15T10:30:00Z",
  "event_type": "identity_verified",
  "actor": {
    "type": "api_key",
    "id": "key_hash"
  },
  "resource": {
    "type": "identity",
    "id": "id_hash"
  },
  "metadata": {
    "ip_address": "192.168.1.1",
    "user_agent": "...",
    "result": "success"
  }
}

Retention Periods

| Log Type | Retention |
|---|---|
| API access logs | 90 days |
| Audit logs | 7 years |
| Security events | 7 years |
| Billing records | 7 years |

Compliance Reports

Generate reports for regulators:

# Request a PDF compliance report for the first quarter of 2024
curl -X POST https://api.circuitkyc.com/api/v1/compliance/report \
  -H "X-API-Key: sk_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{
    "start_date": "2024-01-01",
    "end_date": "2024-03-31",
    "format": "pdf",
    "include": ["summary", "audit_log", "sanctions_checks"]
  }'
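
The report request above places the live key on the command line, where it is visible in process listings and shell history; secure API key storage is one of the customer responsibilities this page lists. The following is an added example, not Circuit KYC's own tooling, that sends the same request with the key read from a private file. The key file path, the `CIRCUIT_KEY_FILE` variable and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Circuit KYC's own tooling. CIRCUIT_KEY_FILE, the default
# key path and all function names are assumptions made for this sketch.

# True only for a regular file with no group/other permission bits
# (mode 0600 or 0400), judged from the `ls -l` mode string.
key_file_is_private() {
  [ -f "$1" ] || return 1
  perms=$(ls -ld -- "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# Accept only the shape NNNN-NN-NN. A shell pattern must match the whole
# string, so quotes, newlines or extra JSON cannot ride along in a date.
is_date_shaped() {
  case $1 in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the request body from the page, with the two dates filled in.
build_report_body() {
  is_date_shaped "$1" || return 1
  is_date_shaped "$2" || return 1
  printf '{"start_date":"%s","end_date":"%s","format":"pdf",' "$1" "$2"
  printf '"include":["summary","audit_log","sanctions_checks"]}'
}

# Usage: request_report START END [OUTFILE]
# The header reaches curl as a config line on stdin (-K -), so the key is
# never an argument of any process and never lands in shell history.
request_report() {
  key_file=${CIRCUIT_KEY_FILE:-$HOME/.config/circuitkyc/api_key}
  key_file_is_private "$key_file" ||
    { echo "refusing: $key_file is missing or readable by others" >&2; return 1; }
  body=$(build_report_body "$1" "$2") ||
    { echo "dates must look like YYYY-MM-DD" >&2; return 1; }
  # Content-Type is set explicitly: with -d alone curl sends a form type.
  printf 'header = "X-API-Key: %s"\n' "$(cat -- "$key_file")" |
    curl --fail --silent --show-error --proto '=https' --tlsv1.2 -K - \
      -X POST https://api.circuitkyc.com/api/v1/compliance/report \
      -H 'Content-Type: application/json' \
      -d "$body" -o "${3:-report.pdf}"
}
```

Source the file and call `request_report 2024-01-01 2024-03-31`; the `--proto '=https'` and `--tlsv1.2` options make curl refuse anything other than HTTPS over TLS 1.2 or newer.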

Vendor Management

Our Vendors

We carefully vet all vendors:

| Vendor | Purpose | Compliance |
|---|---|---|
| AWS | Infrastructure | SOC 2, ISO 27001, FedRAMP |
| Stripe | Payments | PCI DSS Level 1 |
| Supabase | Database | SOC 2 |

Vendor Assessment

Before onboarding vendors:

  1. Security questionnaire
  2. SOC 2 report review
  3. Penetration test results
  4. Contract security terms
  5. Annual reassessment

Your Compliance Responsibilities

As a Circuit KYC customer, you're responsible for:

Technical

  • [ ] Secure API key storage
  • [ ] TLS for all connections
  • [ ] Access control in your systems
  • [ ] Secure credential storage

Operational

  • [ ] User consent for data sharing
  • [ ] Privacy policy updates
  • [ ] Staff training
  • [ ] Incident response plan

Regulatory

  • [ ] Know your regulatory requirements
  • [ ] Implement required controls
  • [ ] Maintain audit trails
  • [ ] Report suspicious activity

Compliance Resources

Contacts

| Topic | Contact |
|---|---|
| SOC 2 Report | compliance@circuitkyc.com |
| DPA Requests | legal@circuitkyc.com |
| Security | security@circuitkyc.com |
| Privacy (GDPR/CCPA) | privacy@circuitkyc.com |

Enterprise Compliance

Enterprise customers get additional support:

  • Dedicated compliance manager
  • Custom audit log integrations
  • On-premise deployment option
  • Custom data retention policies
  • Regulatory consultation

Contact Enterprise Sales