We comply with industry standards and privacy laws

We hold ourselves accountable to independent third-party auditing and testing.  Copies or summaries of our most recent reports are available on request as part of our due diligence pack.



OnceHub is committed to compliance with the General Data Protection Regulation (GDPR).  We stand by the GDPR’s key principles, including data protection by design, data protection by default, fairness, transparency, and breach notification.  We provide our users with the tools necessary to ensure they can use all OnceHub products in a GDPR compliant manner.

Learn more about using OnceHub in a GDPR compliance manner (ebook)


PCI Level 1

OnceHub is a PCI DSS level 1 service provider. Our payment platform has achieved certified compliance against all PCI DSS version 3.2 requirements and is validated annually by an independent PCI Qualified Security Assessor. We protect your payment data before, during, and after purchase.

View our PCI Certificate of Compliance



OnceHub is audited for SOC 2 Type 2 compliance by Ernst & Young. The SOC 2 report outlines how our controls and processes uphold the trust service principles of security, confidentiality, privacy, availability, and processing integrity. Auditing of this report is conducted over a one year monitoring period for both suitability and effectiveness.

Request a copy of our SOC II Report



OnceHub complies with the policies and processes required to protect your data and to satisfy HIPAA and the HITECH Act. All electronic protected health information (ePHI) collected, stored, and distributed by OnceHub products is encrypted both at rest and in transit, ensuring the highest level of security.

View our Business Associate Agreements


We provide educators and other members of the education community with the tools necessary to maintain compliance with the Family Educational Rights and Privacy Act (FERPA). We have multiple checks in place to ensure that only authorized users have access to data. As the data controller, educational organizations can export, correct, and share their OnceHub data as they see fit.