Compliance
Our commitment to regulatory compliance and data protection standards
Our Commitment to Compliance
TODAY Type is committed to maintaining the highest standards of regulatory compliance and data protection. We understand the importance of trust when it comes to handling your data, and we continuously work to meet and exceed industry standards.
Data Protection Regulations
GDPR Compliant
The General Data Protection Regulation (GDPR) is the European Union's comprehensive data protection law. TODAY Type is fully committed to GDPR compliance:
- Lawful Basis: We process personal data only with a valid legal basis
- Data Subject Rights: We respect and facilitate all GDPR rights including access, rectification, erasure, and portability
- Data Protection by Design: Privacy considerations are built into our product development
- Data Processing Agreements: We offer DPAs to all enterprise customers
- Data Transfers: International transfers are protected by appropriate safeguards
CCPA Compliant
The California Consumer Privacy Act (CCPA) provides California residents with specific privacy rights. We comply with CCPA requirements:
- Right to Know: Users can request details about data we collect
- Right to Delete: Users can request deletion of their personal information
- Right to Opt-Out: We do not sell personal information
- Non-Discrimination: We do not discriminate against users who exercise their rights
Security Practices
Enterprise Security Standards
For enterprise customers with specific compliance requirements, we offer:
- Custom Data Processing Agreements (DPAs)
- Single Sign-On (SSO) integration
- Role-based access controls
- Audit logging and monitoring
- Data residency options
- Custom data retention policies
Data Processing
Sub-processors
We use a limited number of trusted sub-processors to provide our services, each contractually bound to protect your data:
- Cloud Infrastructure: Microsoft Azure (data hosting and processing)
- Email Services: For transactional and notification emails
- Payment Processing: Secure payment handling (PCI-DSS compliant)
- Analytics: Self-hosted Matomo (privacy-focused analytics)
Data Residency
By default, data is stored in secure data centers in the United States. Enterprise customers may request specific data residency arrangements to meet local regulatory requirements.
Employee Training
All TODAY Type employees undergo regular training on:
- Data protection principles and regulations
- Security best practices
- Incident response procedures
- Privacy by design principles
Incident Response
We maintain a comprehensive incident response plan that includes:
- 24/7 monitoring for security events
- Defined escalation procedures
- Notification procedures in compliance with applicable laws
- Post-incident analysis and improvement
Documentation and Agreements
We provide the following documentation to support your compliance requirements:
- Data Processing Agreement (DPA): Available for enterprise customers
- Security Whitepaper: Detailed overview of our security practices
- Vendor Assessment Questionnaire: Pre-filled responses for common security questionnaires
To request compliance documentation, contact compliance@tdy.ai.
Continuous Improvement
Compliance is an ongoing process. We continuously:
- Monitor changes in regulatory requirements
- Conduct regular internal audits
- Update policies and procedures as needed
- Seek third-party verification of our practices
Contact Us
For compliance-related inquiries or to request documentation:
- Email: compliance@tdy.ai
- Data protection requests: privacy@tdy.ai
- General inquiries: Contact Form