HIPAA Compliant

OnceHub complies with the stringent security and privacy policies required in the healthcare sector. We work with expert consultants to implement the policies and processes required to protect your data and satisfy HIPAA and the HITECH act. All electronic protected health information (ePHI) collected, stored, and distributed by OnceHub products is encrypted both at rest and in transit, ensuring the highest level of security. Companies that require HIPAA compliance can contact us to sign our Business Associate Agreement.

SOC 2 audited

OnceHub is audited for SOC 2 Type 2 compliance by Ernst & Young, one of the Big Four CPA firms. The report outlines how our controls and processes uphold the Trust Service Principles of security, confidentiality, privacy, availability and processing integrity. Auditing of this report is conducted over a one-year monitoring period for both suitability and effectiveness. The latest SOC 2 report can be provided upon request.

Privacy shield

Privacy is at the top of our priority list. At OnceHub, we work with experienced privacy consultants to ensure we meet the highest privacy standards. Our Privacy Policy is compliant with the EU-US Privacy Shield and Swiss Safe Harbor programs.

Compliance with the GDPR

OnceHub is committed to compliance with the General Data Protection Regulation (GDPR). The European Union’s new data protection law unifies different privacy legislation across EU member states. The purpose of this new framework is to strengthen the privacy rights of individuals in regards to how their personal data is being collected, processed, and used. We stand by the GDPR’s key principles, including data protection by design, data protection by default, fairness, transparency, and breach notification. Additionally, we provide our users with all the tools necessary to ensure they can use all OnceHub products in a GDPR compliant manner. Learn more about OnceHub’s compliance with the GDPR

Level 1 PCI DSS Compliant

OnceHub is a PCI DSS level 1 service provider. Our payment security is paramount, and has achieved certified compliance against all PCI DSS version 3.2 requirements. OnceHub strictly adheres to these standards to safeguard your payment data before, during and after purchase. Our ongoing commitment to payment protection includes regular validation by an independent PCI Qualified Security Assessor (QSA). You can rest assured, your organization's payment information is protected by the global standard in payment card security. See our PCI Certificate of Compliance

FERPA Compliant

OnceHub provides educators and other members of the education community with all the tools necessary to maintain compliance with the Family Educational Rights and Privacy Act (FERPA). We have multiple checks in place to ensure that only authorized users have access to data. As the data controller, educational organizations have the ability to export, correct, and share their OnceHub data as they see fit.

Compliance roadmap

Compliance is an ongoing process, and we are continuously adding to the list of frameworks and certification bodies we work with. If you are interested in an industry-specific certification, please contact us to find out if it’s on our compliance roadmap.