Compliance and security

Hookdeck aims to be compliant with consumer and citizen protection regulations, as well as safe data practices, where possible. If there is a regulation or security practice you'd like implemented, please contact us with information on your specific use case and needs.

Compliance status

✅ Hookdeck is GDPR compliant.

Hookdeck fully complies with the EU's General Data Protection Regulation.

✅ Hookdeck is CCPA compliant.

Hookdeck fully complies with the California Consumer Privacy Act.

✅ Hookdeck is CPPA compliant.

Hookdeck fully complies with Canada's Consumer Privacy Protection Act.

✅ Hookdeck has been SOC 2 Type 2 compliant since Q4 2023.

You can request our SOC 2 Type 2 report in our Trust Center.

❌ Hookdeck is not HIPAA compliant.

Hookdeck is not compliant with the Health Insurance Portability and Accountability Act. Please contact us if your organization requires this and would like to use our platform.

Data security

✅ Hookdeck has undergone a security audit.

Hookdeck has passed a complete security audit. Contact us to request the report.

✅ Hookdeck keeps backups of your data.

Data redundancy is important to us. In the event of a failure, we keep encrypted backups of your data.

✅ Hookdeck encrypts data at rest.

Your user data is encrypted in our database.

✅ Hookdeck encrypts data in transit.

Your user data is encrypted as it moves between services.

✅ Hookdeck supports SAML and OIDC SSO.

Hookdeck offers single sign-on with all the major identity providers on an Enterprise plan.

🏁 Hookdeck partially supports Two-Factor Authentication (2FA).

Hookdeck does not yet support two-factor authentication for email and password authentication, but 2FA can be obtained through our GitHub, Google and SSO login providers.

❌ Hookdeck is not E2E encrypted.

If full, end-to-end encryption is important to you, please contact us.