We comply with industry standards and privacy laws
We hold ourselves accountable to independent third-party auditing and testing. Copies or summaries of our most recent reports are available on request as part of our due diligence pack.
OnceHub is committed to compliance with the General Data Protection Regulation (GDPR). We stand by the GDPR’s key principles, including data protection by design, data protection by default, fairness, transparency, and breach notification. We provide our users with the tools necessary to ensure they can use all OnceHub products in a GDPR-compliant manner.
OnceHub is a PCI DSS level 1 service provider. Our payment platform has achieved certified compliance against all PCI DSS version 3.2 requirements and is validated annually by an independent PCI Qualified Security Assessor. We protect your payment data before, during, and after purchase.
OnceHub is audited for SOC 2 Type 2 compliance by Ernst & Young. The SOC 2 report outlines how our controls and processes uphold the trust service principles of security, confidentiality, privacy, availability, and processing integrity. Auditing of this report is conducted over a one-year monitoring period for both suitability and effectiveness.
OnceHub has certified with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, or Switzerland to the United States, respectively.
OnceHub complies with the policies and processes required to protect your data and to satisfy HIPAA and the HITECH Act. All electronic protected health information (ePHI) collected, stored, and distributed by OnceHub products is encrypted both at rest and in transit, ensuring the highest level of security.
We provide educators and other members of the education community with the tools necessary to maintain compliance with the Family Educational Rights and Privacy Act (FERPA). We have multiple checks in place to ensure that only authorized users have access to data. As the data controller, educational organizations can export, correct, and share their OnceHub data as they see fit.