← All guides

Compliance overview

Effective date: July 12, 2026.

Area Where we stand
GDPR / UK GDPR We act as processor; a DPA with SCCs is available. See Privacy.
CCPA / CPRA We don't sell personal data; consumer rights supported via export/delete.
21 CFR Part 11 / EU Annex 11 (GxP) Technical controls provided (audit trail, e-signatures, version history, access control) — compliance via your validated use. See Part 11.
HIPAA PHI not supported by default; BAA available on request — contact us before storing PHI.
Data residency Bring-your-own database/storage lets you keep data in the region and provider you choose.
SOC 2 / ISO 27001 / PCI-DSS Held by our infrastructure providers (see Sub-processors); NextELN's own attestation is on the roadmap.
Security practices See Security.
Data durability & liability See Data integrity & liability.

Need a compliance questionnaire, DPA, or validation package for procurement? Email support@nexteln.com.

Last updated 7/12/2026