Compliance

Meeting global standards and regulations

GDPR Compliance

Perca.ir is fully compliant with the EU General Data Protection Regulation (GDPR):

  • Data Minimization: We collect only essential security data
  • Right to Access: Users can request copies of their data
  • Right to Erasure: Users can request data deletion (subject to legal obligations)
  • Data Portability: Export your data in machine-readable formats
  • Breach Notification: 72-hour notification requirement for data breaches
  • DPO Appointed: Dedicated Data Protection Officer for EU users
  • Lawful Basis: Processing based on legitimate interest and consent

CCPA Compliance

We comply with the California Consumer Privacy Act (CCPA):

  • Right to Know: Disclosure of data categories collected and shared
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of data sales (we don't sell data)
  • Non-Discrimination: Equal service regardless of privacy choices
  • Authorized Agents: Accept requests through authorized representatives

SOC 2 Type II

Our SOC 2 Type II audit verifies our controls across the security, availability, processing integrity, confidentiality, and privacy trust services criteria:

  • Security: Comprehensive access controls and monitoring
  • Availability: 99.9% uptime SLA with redundancy
  • Processing Integrity: Accurate and timely data processing
  • Confidentiality: Data encrypted in transit and at rest
  • Privacy: PII handling procedures documented and audited

Request SOC 2 Report: Available to Enterprise customers and prospects under NDA

ISO 27001:2013

Our Information Security Management System (ISMS) is certified to ISO 27001:2013:

  • Risk Assessment: Annual risk analysis and treatment
  • Asset Management: Inventory and classification of information assets
  • Access Control: Role-based access with principle of least privilege
  • Cryptography: Strong encryption standards (AES-256, RSA-4096)
  • Operations Security: Change management and capacity planning
  • Incident Management: Documented procedures for security events
  • Business Continuity: Disaster recovery and backup procedures

PCI DSS Level 1

Payment Card Industry Data Security Standard compliance:

  • Secure Network: Firewall protection and secure configurations
  • Data Protection: No storage of sensitive card data
  • Encryption: All payment data encrypted in transit
  • Tokenization: Payment processors (Stripe) handle card processing
  • Regular Testing: Quarterly vulnerability scans and penetration tests

COPPA Compliance

Children's Online Privacy Protection Act compliance:

  • Age Verification: Games using our service must verify player age
  • Parental Consent: Support for parental consent mechanisms
  • Limited Collection: No personal information from children under 13
  • Parental Rights: Parents can review and delete child data

Industry Standards

NIST Cybersecurity Framework

Aligned with NIST CSF core functions

CIS Controls

Implements Critical Security Controls

OWASP Top 10

Protected against common vulnerabilities

Microsoft WHQL

Windows Hardware Quality Labs certified

Subprocessors & Data Transfers

We use carefully vetted subprocessors for specific services:

Cloud Hosting

AWS/Azure (SOC 2, ISO 27001 certified)

Payment Processing

Stripe (PCI DSS Level 1)

Email Services

SendGrid (SOC 2 Type II)

EU Data Residency: Enterprise customers can request EU-only data storage

Audits & Assessments

Our compliance posture is verified through regular assessments:

  • Annual SOC 2 Type II audits
  • Quarterly penetration testing
  • Monthly vulnerability scans
  • Bi-annual ISO 27001 surveillance audits
  • Continuous automated security monitoring

Contact Compliance Team

For compliance-related inquiries, certification requests, or audit documentation:

Email: compliance@perca.ir
DPO: dpo@perca.ir (EU residents)
Address: [Your Company Address]