All data center, network and server level standards, security and compliance is inherited from our hosting provider - Microsoft Azure.
Azure undergoes regular independent third-party SOC 1 Type 2 and SOC 2 Type 2 audits and is certified according to ISO/IEC 27001 and ISO/IEC 27018 standards.
You can read more about Microsoft Azure's certifications and compliance here:
nomorePAPER itself is European GDPR compliant and we're working on being fully HIPAA compliant in the coming months.
Our processes and practices are based on industry standards and we intend to be certified for ISO 27001 in the future.
In terms of email data transmissions, we use SendGrid for all email facilities.
We have a GDPR-compliant Data Processing Agreement (DPA) in place with SendGrid, and we're careful to not process any data with SendGrid beyond what is required to send email messages.
SendGrid's servers generally operate in the USA but the data flows are covered by their GDPR-compatible US Privacy Shield compliance.
We do not hold other specific certifications, our focus on industry standards and compliance tends to overlap favourably with most guidelines and regulations.
For example, we do not specifically target FDA CFR Title 21 Part 11, however Azure does address Part 11 compliance.
For specific standards or regulations, we recommend that you consult the relevant published documentation to assess in light of the above.
Please feel free to contact us if you require more clarification.