Privacy And Security

Security Protocol Adherence


*Compliant for the year 2026

GDPR

What Is GDPR?

GDPR stands for the General Data Protection Regulation. Enacted by the European Union (EU) on May 25, 2018, it serves as a comprehensive legal framework designed to ensure the personal data of EU citizens remains private, safe, and secure. It fundamentally reshaped how organizations approach data privacy, placing the control back in the hands of the individual.

Is Creately GDPR Compliant?

Yes. At Creately, we prioritize the security and protection of your personal information. To meet the standards set by the GDPR, we have implemented rigorous security protocols and additional layers of protection to ensure your data remains private and secure at all times.

As a Creately user, you maintain full transparency and control over your personal information. Under the GDPR, you have the following rights:

  • Access and Portability: You can request a copy of the personal data we hold about you in a commonly used electronic format.
  • Rectification: You have the right to update or correct any inaccurate information.
  • Erasure (Right to be Forgotten): You may request the permanent deletion of your data from our systems.

To exercise any of these rights, please contact our support team at support@creately.com with the details of your request, and we will process it in accordance with applicable legal requirements.

How Does Creately Collect This Data?

Creately collects and processes personal data primarily to provide a seamless, collaborative experience. This collection occurs through several touchpoints where you interact with our platform:

  • Account Creation: When you sign up, we collect essential information such as your name and email address to establish your identity and secure your workspace.
  • Service Upgrades: When you purchase a subscription or upgrade your service, we collect billing details and address information required for payment processing.
  • Service Usage: As you use the platform, we collect Usage Data (such as IP addresses and browser types) and use Cookies to remember your preferences and ensure the security of your session.
  • User Content: While not “personal data” in the traditional sense, we securely store the diagrams, comments, and metadata you actively create to enable collaboration.

We process this data based on your explicit consent and our commitment to fulfilling our service agreement with you.

Could Non-EU Citizens Request Changes to the Personal Information Creately Processes?

Yes. While the GDPR was designed to protect EU citizens, Creately’s commitment to data privacy is global. We believe that every user should have the same high level of control over their information, regardless of their geographic location.

Our data protection and access rights—including the right to access, rectify, or delete your information—apply to all Creately users. Whether you are in Australia, the United States, or anywhere else in the world, you can exercise these rights by contacting us at support@creately.com.

You can learn more about the GDPR by visiting the European Commission’s website.

SOC 2 Type 2

What Is SOC 2 Type 2?

SOC 2 (System and Organization Controls) Type 2 is a rigorous audit procedure developed by the American Institute of Certified Public Accountants (AICPA) for assessing the controls a service organization uses to protect customer data. The Type 2 report evaluates the operational effectiveness of those controls over an extended period (typically 6 to 12 months).

It serves as a gold standard for service organizations, ensuring that they consistently operate their controls to protect customer data across three key Trust Service Criteria:

  • Security: Protection against unauthorized access.
  • Availability: Ensuring the system is available for operations and use.
  • Confidentiality: Protecting data designated as confidential.

Is Creately SOC 2 Type 2 Certified?

Yes. Creately has completed the SOC 2 Type 2 audit. This independent validation confirms that our security controls are designed correctly and are operated consistently to safeguard your data.

ISO 27001:2022

What Is ISO 27001:2022?

ISO/IEC 27001 is the leading international standard for Information Security Management Systems (ISMS). The 2022 update is the most recent revision of this standard, reflecting the modern digital landscape. It provides a framework of policies and controls that help organizations manage their information security risks through a systematic and ongoing process.

Earning this certification means an organization has moved beyond simple “IT security” to a comprehensive approach that includes:

  • Risk Management: Proactively identifying and mitigating threats.
  • Operational Excellence: Standardizing security across all departments and functions.
  • Security Resilience: Ensuring the organization can withstand and recover from potential security incidents.

Is Creately ISO 27001 Certified?

Yes. Creately is ISO 27001 certified, demonstrating our adherence to global standards for security excellence. Our certification confirms that we have established and maintain a robust ISMS to protect our users’ ideas, diagrams, and data.

For our users, this certification is a testament to our commitment to continuous improvement. We don’t just set security policies; we subject them to regular independent audits to ensure our risk management strategies and technical safeguards are operating at peak efficiency.

HIPAA Compliance

What Is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law that establishes national standards for the protection of sensitive patient health information. It mandates that electronic Protected Health Information (ePHI) be handled with strict administrative, physical, and technical safeguards to ensure its confidentiality, integrity, and availability.

Compliance is mandatory for “Covered Entities” (healthcare providers, health plans) and their “Business Associates” (SaaS providers like Creately) that handle ePHI during the course of their service.

Is Creately HIPAA Compliant?

Yes. Creately supports healthcare and life sciences organizations by maintaining full HIPAA compliance. We have implemented the necessary technical and administrative controls required to secure ePHI within our platform.

To support our healthcare partners, Creately offers the following:

  • Business Associate Agreements (BAAs): We are prepared to sign BAAs with our enterprise partners, contractually obligating us to meet HIPAA’s privacy and security standards.
  • Technical Safeguards: All ePHI is protected by AES-256 encryption at rest and TLS 1.2 or higher in transit.
  • Access Control: Our Role-Based Access Control (RBAC) and Single Sign-On (SSO) capabilities ensure that access to sensitive health information is restricted to authorized personnel only, following the principle of least privilege.
  • Audit Logs: We maintain comprehensive logs of system activity, allowing for the “who, what, when, and where” tracking required by the HIPAA Security Rule.