# Compliance

> Our global standards and certifications for data security and privacy.

PolyAI meets international standards for data security and privacy. Our voice agents comply with governmental and industry frameworks.

Below is an overview of the certifications and standards we adhere to and how they support our clients' compliance programs.

## Certifications and standards

### ISO27001

We are certified for **ISO/IEC 27001**, the international standard for information security management systems (ISMS).

* Learn more about [ISO27001](https://www.iso.org/standard/54534.html).

### SOC 2 Type II

PolyAI has achieved **SOC 2 Type II** compliance, covering data security, availability, processing integrity, confidentiality, and privacy.

* Learn more about [SOC 2](https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2).

### HIPAA

Where relevant, our systems are designed to meet **HIPAA (Health Insurance Portability and Accountability Act)** requirements. Protected health information (PHI) is handled securely.

* Learn more about [HIPAA](https://www.hhs.gov/hipaa/).
* Learn about [AWS S3](/call-data/s3-to-s3) for long-term storage.

### PCI-DSS

Where relevant, PolyAI is committed to complying with the **PCI-DSS (Payment Card Industry Data Security Standard)** for payment card data.

* Learn more about [PCI-DSS](https://www.pcisecuritystandards.org/).

### Cyber Essentials & Cyber Essentials Plus

We are certified under the [UK NCSC (National Cyber Security Centre)](https://www.ncsc.gov.uk/) **Cyber Essentials** and **Cyber Essentials Plus** frameworks, which protect against a wide variety of cyber threats.

* Learn more about [Cyber Essentials](https://www.ncsc.gov.uk/cyberessentials/overview).

### GDPR

PolyAI complies with the **General Data Protection Regulation (GDPR)** to protect personal data and the privacy of individuals in the European Union. This includes:

* Transparent data processing practices.

* Secure handling of personal and sensitive information.

* Measures to prevent data breaches.

* Providing individuals with control over their personal data, including access and deletion requests.

* Learn more about [GDPR](https://ec.europa.eu/info/law/law-topic/data-protection_en).
