Trust & Safety

Circa adheres to industry-leading privacy & security best practices for the trust & safety of our customers.

Standards & Certifications

  • SOC-2 Certified: Circa is SOC-2 Type 2 Certified, with the most recent report available upon request.
  • GDPR: Circa's Privacy Policy and Data Processing Agreement (DPA) comply with the General Data Protection Regulation (GDPR) for users in the EU.
  • CCPA: Circa's CCPA Notice and Privacy Policy comply with the California Consumer Rights Privacy Act (CCPA).
  • Privacy Shield: Circa is certified under the EU-U.S. Privacy Shield Framework for user data transfer and storage.

Enterprise-Grade Security

  • System Status: Circa uses third-party monitoring services to ensure high uptime & availability. You can view our real-time and historical performance here.
  • Encryption: Circa encrypts all sensitive data both at rest and in transit using robust, industry-leading encryption algorithms.
  • Network Security: Circa's production services run in a private secure cloud on Heroku. Only network protocols essential for making our service work are open at the network's perimeter.
  • Independent Testing: Circa undergoes regular penetration testing by independent third parties to ensure that our platform is secure.
  • Access Controls: Access to internal Circa systems requires multiple authentication factors, including 2FA access and device-based authentication tokens.
  • Audit Logs: When customers need our assistance, access to Circa customer data is logged and regularly audited.
  • Data Backup: Circa automatically backs up customer data at least daily.
  • On-Call Policy: Circa has an around-the-clock on-call policy for our engineers to be available just in case.