Security & Compliance

WeComply.chat is built on a modern, cloud-native stack (Next.js, Firebase) leveraging Google Cloud Platform's world-class security infrastructure.

• Encryption in transit (TLS 1.3) and at rest (AES-256).
• Automated DDoS protection and WAF.
• Strict IAM policies and least-privilege access controls.

Our platform is designed to help you meet your compliance goals, and we apply those same standards to ourselves.

• ISO 27001: Our controls are mapped to ISO 27001 frameworks.
• SOC 2 Type II: We partner with Google Cloud, a SOC 2 Type II certified provider.
• GDPR: Built-in support for Data Subject Access Requests (DSAR).

We respect the sovereignty of your data.

• Hosting: Primary data storage in secure Google Cloud regions (EU or US options available on Enterprise).
• Separation: Strict logical separation of tenant data via our Multi-Tenant architecture.
• Retention: Automated retention policies aligned with your subscription settings.

We use a minimal set of trusted third-party sub-processors to deliver our service.

• Google Cloud Platform (Firebase): Hosting, Database, and Auth.
• Vercel: Edge Network and Frontend Delivery.

List last updated: 5/13/2026