Compliance & Certifications

Last Updated: February 1, 2026

1. Overview

RacterVault is committed to maintaining the highest standards of data protection, security, and compliance. We adhere to international regulations and industry best practices to protect your data and privacy.

2. GDPR Compliance

2.1 General Data Protection Regulation (EU)

RacterVault is fully compliant with the EU General Data Protection Regulation (GDPR). Our compliance includes:

GDPR Principles

  • Lawfulness, Fairness, Transparency: Clear privacy policy, transparent data practices
  • Purpose Limitation: Data collected only for specified purposes
  • Data Minimization: Only essential data collected (zero-knowledge architecture)
  • Accuracy: Users can update their information anytime
  • Storage Limitation: Data retained only as long as necessary
  • Integrity & Confidentiality: Zero-knowledge encryption, secure infrastructure
  • Accountability: Data protection impact assessments, documentation

2.2 Your GDPR Rights

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Delete your account and data
  • Right to Restriction: Limit how we process your data
  • Right to Portability: Export your data in a standard format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent for optional processing

To exercise these rights, contact privacy@ractervault.com.

2.3 Data Protection Officer

Our Data Protection Officer oversees GDPR compliance:

  • Email: dpo@ractervault.com
  • Role: Ensures compliance, handles data subject requests, liaises with supervisory authorities

3. Icelandic Data Protection

3.1 Icelandic Data Protection Act

As an Icelandic company, we comply with Iceland's Data Protection Act (Lög um persónuvernd og vinnslu persónuupplýsinga), which implements GDPR with additional local protections.

3.2 Supervisory Authority

We are registered with and supervised by:

  • Persónuvernd (Icelandic Data Protection Authority)
  • Website: www.personuvernd.is
  • Email: postur@personuvernd.is

4. Security Standards & Certifications

4.1 Current Certifications

GDPR Compliant

Full compliance with EU data protection regulations

TLS 1.3

Latest transport layer security for all connections

4.2 In Progress

SOC 2 Type II

Security, availability, and confidentiality audit (Q3 2026)

ISO 27001

Information security management system (2027 roadmap)

5. Data Processing Agreements

5.1 Sub-Processors

We use the following sub-processors to provide our services:

Service Provider       Purpose                    Location
Advania Data Centers   Infrastructure hosting     Iceland
Stripe                 Payment processing         USA (GDPR compliant)
BTCPay Server          Cryptocurrency payments    Self-hosted (Iceland)
Postmark               Transactional emails       USA (GDPR compliant)

All sub-processors have signed Data Processing Agreements (DPAs) and comply with GDPR.

5.2 Enterprise DPA

Enterprise customers can request a custom Data Processing Agreement:

6. Cryptographic Compliance

6.1 NIST Standards

Our cryptographic implementations follow NIST (National Institute of Standards and Technology) guidelines:

  • AES-256-GCM: NIST FIPS 197 (symmetric encryption)
  • SHA-256/SHA-512: NIST FIPS 180-4 (hashing)
  • Argon2id: Password Hashing Competition winner
  • Kyber-1024: NIST Post-Quantum Cryptography (ML-KEM)
  • Dilithium5: NIST Post-Quantum Cryptography (ML-DSA)

6.2 Export Compliance

Our encryption software complies with export control regulations:

  • Uses publicly available cryptographic algorithms
  • No backdoors or key escrow (except user-controlled succession)
  • Complies with Wassenaar Arrangement

7. Industry-Specific Compliance

7.1 HIPAA (Healthcare)

While not HIPAA-certified, RacterVault can be used as part of a HIPAA-compliant infrastructure:

  • Zero-knowledge encryption meets HIPAA security requirements
  • Business Associate Agreement (BAA) available for Enterprise customers
  • Audit logs for compliance documentation

7.2 Financial Services

Suitable for financial data storage:

  • Strong encryption (exceeds PCI DSS requirements)
  • Audit trails and access logs
  • Data retention policies

8. Transparency & Reporting

8.1 Transparency Reports

We publish annual transparency reports detailing:

  • Number of law enforcement requests
  • Types of requests received
  • Number of accounts affected
  • Requests challenged or rejected

View latest transparency report

8.2 Warrant Canary

We maintain a warrant canary to inform users about gag orders:

8.3 Security Audits

We publish summaries of security audits:

9. Contact

Compliance by Design

Our zero-knowledge architecture makes compliance easier. Since we cannot access your data, many compliance requirements are automatically satisfied. We're committed to maintaining the highest standards of data protection and security.