Compliance
OnceHub’s commitment to data protection and digital security
Since so many of our customers work in highly regulated industries like financial services and healthcare, it’s essential that our product and processes help smooth their path to compliance.
Browse these pages for information on certifications and compliance-related tools. For more detail, please request our due diligence pack, which includes copies or summaries of third-party audits and testing proving our commitment to data protection and digital security
Data protection and digital security certifications
PCI DSS compliance
OnceHub is a PCI DSS level 1 service provider. Our payment platform has achieved certified compliance against all PCI DSS version 3.2.1 requirements and is validated annually by an independent PCI Qualified Security Assessor.
SOC 2 compliance
OnceHub is audited for SOC 2 Type 2 compliance by EY annually. The SOC 2 report outlines how our controls and processes uphold the trust service principles of security, confidentiality, privacy, availability, and processing integrity.
CSA STAR Level 1
OnceHub participates in the Cloud Security Alliance’s voluntary Security, Trust, Assurance, and Risk (STAR) program to attest to our compliance with CSA-published security and privacy best practices.
Download our CSA Consensus Assessments Initiative Questionnaire
Help with data protection and digital security
GDPR compliance
OnceHub embraces the core principles of the GDPR and provides our customers with tools to configure their appointment scheduling assets and workflows in a GDPR-compliant way.
FINRA compliance
OnceHub helps its customers in financial services achieve relevant compliance with FINRA, especially as it pertains to recordkeeping and the protection of investors’ sensitive financial and personal data.
HIPAA compliance
OnceHub complies with the policies and processes required to protect your data and to satisfy HIPAA and the HITECH Act.
FERPA compliance
We provide educators and other members of the education community with the tools necessary to maintain compliance with the Family Educational Rights and Privacy Act (FERPA).