Why Circa?

Trust & Safety

Circa adheres to industry-leading privacy and security practices to ensure the highest level of trust and safety of our customers.


Standards & Certifications

SOC-2 Certified

Circa is SOC-2 Type 2 Certified, with the mostrecent report available upon request.


Circa's Privacy Policy and Data Processing Agreement (DPA) comply with the General Data Protection Regulation (GDPR) for users in the EU.


Circa's CCPA Notice and Privacy Policy comply with the California Consumer Rights Privacy Act (CCPA)

Privacy Shield

Circa is certified under the EU-U.S. Privacy Shield Framework for user data transfer and storage.

Enterprise-Grade Security

System Status

Circa uses third-party monitoring services to ensure highup time & availability. You can view our real-time and historical performance here.


Circa encrypts all sensitive data both at rest and in-transit using robust, industry-leading encryption algorithms.

Network Security

Circa's production services run in a private secure cloud on Heroku. Only network protocols essential for making our service work are open at the network's perimeter.

Independent Testing

Circa undergoes regular penetration testing by independent third parties to ensure that our platform is secure.

Access Controls

Access to internal Circa systems requires multiple authentication factors, including 2FA access and device-based authentication tokens.

Audit Logs

Access to Circa customer data in cases when customers need our assistance is logged and regularly audited.

Data Backup

Circa automatically backs up customer data on an at-least daily basis.

On-Call Policy

Circa has an around-the-clock on-call policy for our engineers to be available just in case.