Compliance

Meeting the highest standards for data protection and privacy

Our Compliance Commitment

We are committed to maintaining compliance with international data protection regulations and industry best practices to ensure your data is handled responsibly and securely.

GDPR Compliant

Full compliance with EU General Data Protection Regulation

Active

CCPA Compliant

California Consumer Privacy Act compliance

Active

SOC 2 Type II

Service Organization Control 2 certification

In Progress

ISO 27001

Information Security Management certification

Planned

GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union. We comply with all GDPR requirements:

Data Subject Rights

We support all GDPR data subject rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to certain types of processing
  • Rights Related to Automated Decision-Making: Opt-out of automated profiling
Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Consent: When you explicitly agree to data processing
  • Contract Performance: To provide our services
  • Legal Obligation: To comply with laws and regulations
  • Legitimate Interests: For security, fraud prevention, and service improvement
Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer:

dpo@shorturl.ultrahosts.co.uk
International Data Transfers

When transferring data outside the EEA, we use:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions from the European Commission
  • Additional safeguards as required by GDPR

CCPA Compliance

The California Consumer Privacy Act (CCPA) provides California residents with specific rights regarding their personal information:

Consumer Rights Under CCPA
  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices
Categories of Personal Information

We collect the following categories of personal information:

  • Identifiers (name, email, IP address)
  • Commercial information (subscription details, usage data)
  • Internet activity (clicks, device information, browsing behavior)
  • Geolocation data
Do Not Sell My Personal Information

We do not sell personal information. We do not share personal information with third parties for monetary consideration or other valuable consideration.

Exercising Your CCPA Rights

California residents can submit requests:

privacy@shorturl.ultrahosts.co.uk

SOC 2 Type II (In Progress)

We are currently pursuing SOC 2 Type II certification, which demonstrates our commitment to:

Trust Service Criteria
  • Security: Protection against unauthorized access
  • Availability: System accessibility as agreed
  • Processing Integrity: Complete, valid, and timely processing
  • Confidentiality: Protection of confidential information
  • Privacy: Collection, use, and disclosure of personal information
Current Implementation Status
Controls Implementation 85%

Expected Completion: Q1 2026

Data Processing Agreements

For enterprise customers requiring Data Processing Agreements (DPAs), we provide:

  • Standard contractual clauses for GDPR compliance
  • Business Associate Agreements for HIPAA compliance (if applicable)
  • Custom DPA terms based on your requirements
  • Subprocessor disclosures and notifications

Contact our legal team to request a DPA: legal@shorturl.ultrahosts.co.uk

International Compliance

Other Regulations We Monitor
  • PIPEDA (Canada): Personal Information Protection and Electronic Documents Act
  • LGPD (Brazil): Lei Geral de Proteção de Dados
  • PDPA (Singapore): Personal Data Protection Act
  • DPA (UK): Data Protection Act 2018
  • Privacy Act (Australia): Australian Privacy Principles

Compliance Practices

Regular Assessments
  • Quarterly compliance reviews
  • Annual third-party audits
  • Continuous monitoring and improvement
  • Privacy impact assessments for new features
Staff Training
  • Regular privacy and compliance training
  • Data handling best practices
  • Incident response procedures
  • Security awareness programs
Documentation
  • Records of processing activities
  • Data flow mapping
  • Vendor risk assessments
  • Policy and procedure documentation

Transparency Reports

We publish annual transparency reports detailing:

  • Government data requests
  • Law enforcement inquiries
  • Data breach incidents (if any)
  • Compliance audit results
  • Privacy metrics and statistics

Our latest transparency report will be available in Q4 2025.

Compliance Questions?

Our legal and compliance team is here to help

Contact Us Email Legal Team