Trust
Compliance
Last updated: 2026-05-11 · Version 1
We do not claim certifications we do not hold. The table below shows where Slide Practice is today. If a procurement requirement does not fit, tell us — we will say no clearly rather than pretend.
| Framework | Status | Notes |
|---|---|---|
| SOC 2 Type I | Planned | Target window: first 18 months after general availability. Vendor selection underway. |
| SOC 2 Type II | Planned | Follows the Type I observation period. Targeted 12 months after Type I. |
| ISO 27001 | Planned | Tracked alongside SOC 2 for European customers. No formal start date yet. |
| HIPAA | Not pursued | Slide Practice is for coaching, which is generally not a regulated profession. We do not sign Business Associate Agreements. If you handle PHI, use an EHR; we cannot be your data backbone. |
| GDPR (EU) | In effect | Slide Practice processes EU resident data under SCC and complies with GDPR data-subject rights. See Privacy Policy §3, §8, §11. |
| CCPA/CPRA (California) | In effect | See Privacy Policy §8 for the rights list and Section 5 for the no-sale attestation. |
| Philippines DPA | In effect | Cross-border transfer safeguards via SCC; National Privacy Commission contact path in Privacy Policy. |
| PCI DSS | In effect | We never see cardholder data. Our merchant of record, Lemon Squeezy, handles card capture, tokenization, and storage as a PCI DSS Level 1 provider. |
Audit and evidence
Procurement teams: email support@slidepractice.com for the current evidence pack (sub-processor list, encryption at rest documentation, access-control summary, incident response runbook). We deliver under NDA within five business days.