Compliance overview
Effective date: July 12, 2026.
| Area | Where we stand |
|---|---|
| GDPR / UK GDPR | We act as processor; a DPA with SCCs is available. See Privacy. |
| CCPA / CPRA | We don't sell personal data; consumer rights supported via export/delete. |
| 21 CFR Part 11 / EU Annex 11 (GxP) | Technical controls provided (audit trail, e-signatures, version history, access control) — compliance via your validated use. See Part 11. |
| HIPAA | PHI not supported by default; BAA available on request — contact us before storing PHI. |
| Data residency | Bring-your-own database/storage lets you keep data in the region and provider you choose. |
| SOC 2 / ISO 27001 / PCI-DSS | Held by our infrastructure providers (see Sub-processors); NextELN's own attestation is on the roadmap. |
| Security practices | See Security. |
| Data durability & liability | See Data integrity & liability. |
Need a compliance questionnaire, DPA, or validation package for procurement? Email support@nexteln.com.
Last updated 7/12/2026