Mutiny Compliance Overview

Last updated: April 10, 2026

At Mutiny, we take data protection seriously and maintain compliance with key regulatory frameworks, including GDPR, CCPA, and SOC 2 Type II. This document outlines how we protect your data and meet our compliance obligations across these standards.

GDPR Compliance

The EU issued the GDPR as a way of bringing the outdated Data Protection Directive up to speed with the current state of technology. It outlines a list of regulations governing the processing of personal data from European consumers, regardless of business location.

The law introduces new responsibilities for data processors and plainly states the accountability of data owners.

There are 99 articles that determine data protection, compliance, and enforcement rules. The most relevant aspects of GDPR compliance for website asset creation are below:

  • Ask visitors if they want to opt-in or opt-out, and systematically respect that decision

  • Only use the provided data for the specific purpose

  • Do not sell, market, or share individuals’ personal data

  • Allow individuals to delete their personal data

  • Notify our customers, the appropriate supervisory authority, and users of a data breach within 72 hours

  • Implement technical and organizational measures to anonymize and encrypt personal data, perform ongoing maintenance and validation of processing systems and services, and maintain the ability to restore personal data in the event of a physical or technical security breach

  • Designated Security Officer

In addition, for our Enterprise customers, we are able to execute a Data Protection Addendum along with the Mutiny Order Form to specify the rights, responsibilities, and processes for both parties.

 

CCPA Compliance

The CCPA was enacted into California law with the goal of strengthening consumer privacy rights by limiting access to sensitive consumer data. It applies to most for-profit companies that collect, share, or sell the personal data of California consumers, regardless of business location. You can think of the CCPA as California’s counterpart to the European GDPR.

Similar to the GDPR, the act mandates that businesses disclose what information is being collected from consumers and gives consumers the right to forbid the sale of their personal data.

As with the GDPR, there are many aspects of the CCPA that are relevant for Mutiny. Mutiny is compliant through these processes:

  • Update the Mutiny Privacy Policy with respect to the CCPA

  • Ask visitors if they want to opt-in or opt-out, and systematically respect that decision

  • Only use the provided data for the specific purpose

  • Do not sell, market, or share California residents’ personal data

  • Allow individuals to delete their personal data upon verification of the individual

  • Maintain records of data information requests

  • Implement and maintain a data inventory

  • Implement reasonable security measures to ensure the confidentiality, integrity, and availability of personal data

 

SOC 2 Type II Compliance

What is SOC 2?

SOC 2 (Service Organization Control 2) is an auditing standard developed by the American Institute of CPAs (AICPA) that evaluates how service organizations handle customer data.

Our Type II certification means we've undergone a rigorous audit of our security controls over a minimum 6-month period, demonstrating that our controls operate effectively over time.

Audit Reports

Our SOC 2 Type II reports are available to Enterprise customers under NDA upon request by emailing support@mutinyhq.com.

Other Certifications

ISO certifications

Mutiny does not have any ISO certifications.

Need Help?

If you have questions or need help, the Mutiny Support team is here for you! You can submit a support ticket using the Submit a ticket button at the top of this page, or reach us at support@mutinyhq.com.