OnceHub is committed to compliance with the General Data Protection Regulation (GDPR). We stand by the GDPR’s key principles, including data protection by design, data protection by default, fairness, transparency, and breach notification. We provide our users with the tools necessary to ensure they can use all OnceHub products in a GDPR compliant manner.
PCI Level 1
OnceHub is a PCI DSS level 1 service provider. Our payment platform has achieved certified compliance against all PCI DSS version 3.2 requirements and is validated annually by an independent PCI Qualified Security Assessor. We protect your payment data before, during, and after purchase.
OnceHub is audited for SOC 2 Type 2 compliance by Ernst & Young. The SOC 2 report outlines how our controls and processes uphold the trust service principles of security, confidentiality, privacy, availability, and processing integrity. Auditing of this report is conducted over a one year monitoring period for both suitability and effectiveness.
OnceHub complies with the policies and processes required to protect your data and to satisfy HIPAA and the HITECH Act. All electronic protected health information (ePHI) collected, stored, and distributed by OnceHub products is encrypted both at rest and in transit, ensuring the highest level of security.
We provide educators and other members of the education community with the tools necessary to maintain compliance with the Family Educational Rights and Privacy Act (FERPA). We have multiple checks in place to ensure that only authorized users have access to data. As the data controller, educational organizations can export, correct, and share their OnceHub data as they see fit.