Modular Compliance is built on enterprise-grade infrastructure with security at every layer. Our platform is hosted on Railway, which maintains SOC 2 Type II and SOC 3 certifications, with HIPAA compliance and full GDPR support including a Data Processing Agreement. All data is hosted on Google Cloud Platform (GCP) infrastructure and encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
The platform enforces role-based access control (RBAC), supports two-factor authentication (2FA), and provides detailed audit logs of all user activity. We collect only the minimum data necessary to deliver our service and do not sell or share your data with third parties. You can export or delete your data at any time. For questions about our security practices, contact info@modularcompliance.com.