Data Security & Privacy Compliance

Security & Privacy Practices

Passpack only engages with those companies most regarded and independently verified for data security, confidentiality, integrity and regulatory compliance.

Security

Passpack is contracted with phoenixNAP, our trusted partner provisioning our cloud computing infrastructure and data management. We choose phoenixNAP because of their stringent security measures, which include:

SOC 2, type 2 audits (SOC, or Service Organization Control, is an independent auditing process that ensures compliance with the highest security standards, protecting customers ’ interests and privacy.
Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).
ISO 27001 certification.

Privacy

Passpack is committed to CCPA and GDPR and ensures that all of Passpack’s sub-processors utilize an approved framework (e.g., EU-U.S. Data Privacy Framework program) to transfer customers’ personal data from the EEA, UK, or Switzerland to the U.S. Also refer to our Privacy Policy.

HIPPA

Passpack is a zero-knowledge security platform that is HIPAA compliant. Strict adherence and controls covering privacy, confidentiality, integrity and availability are maintained. With this security architecture, Passpack cannot decrypt, view or access any information, including ePHI, stored in a user’s Passpack Vault. For the foregoing reasons, Passpack is not a Business Associate as defined in the Health Insurance Portability and Accountability Act (HIPAA), and therefore, is not subject to a Business Associate Agreement.