Security & compliance

Compliance is infrastructure, not a checkbox.

BorakDesk is built for regulated industries — HIPAA-aware, GDPR-native, multi-region data residency, audit trails on every send. The same platform that runs music-label promo blasts runs HIPAA-compliant patient recall flows.

GDPR
Compliant
Full GDPR support: right to access, deletion, portability, consent management, EU data residency.
HIPAA
BAA available
HIPAA-aware data architecture for healthcare customers. BAA available on Enterprise plan.
SOC 2 Type II
In progress
Audit underway. Target completion Q3 2026. Pre-audit documentation available on request.
TCPA
Compliant
Consent tracking, quiet hours, audit trails for every SMS and WhatsApp send.
CCPA
Compliant
California Consumer Privacy Act: right-to-know, right-to-delete, opt-out of sale workflows built in.
Data residency
US · EU · APAC
Three regions for data residency. Your tenant's data lives in the region of your choosing.
Architecture

How we build for compliance.

Encryption everywhere
TLS 1.3 in transit, AES-256 at rest. Database-level encryption with managed keys. Customer-managed keys available on Enterprise.
Multi-region routing
Contact records route to the regional database based on consent and residency rules. EU contacts never touch US infrastructure.
Audit trails
Every send, every segment, every export logged with actor + timestamp. Exportable for SOC reviews.
Role-based access control
Granular permissions per workspace. Custom roles, SSO + SCIM provisioning on Enterprise.
Zero-trust internals
No engineer can access production customer data without break-glass approval, logged + reviewed.
Penetration testing
Annual third-party penetration test. Reports available under NDA.
Reports & documents

What we can share.

Data Processing Agreement (DPA)
Available at /data-processing-agreement for self-service review and signature.
Subprocessor list
Current subprocessors: Microsoft Azure (hosting), Clerk (auth), Stripe (billing), Twilio (SMS aggregation), Meta (WhatsApp BSP). Customers are notified 30 days before any change.
BAA (Healthcare customers)
Available on Enterprise plan. Email security@borakdesk.com to request.
Penetration test summary
Latest pentest summary available under NDA. Email security@borakdesk.com with your NDA template.
SOC 2 audit status
Audit in progress, target completion Q3 2026. Pre-audit documentation (controls matrix, evidence samples) available on request.

Compliance team wants more?

We respond to compliance questionnaires within 2 business days. Email security@borakdesk.com with your form, NDA, or audit request.
