Sully logo
Live monitoring by Delve
Sully Compliance Report
Sully is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.

Compliance Certifications

We maintain the highest industry standards and regularly undergo rigorous third-party audits to ensure compliance.

ISO 27001Compliant

ISO 27001

A global standard that defines best practices for information security management systems (ISMS) — used across industries.

Continuously monitored
SOC 2 Type IICompliant

SOC 2 Type II

Audited controls for security, availability, and confidentiality trust service principles with an observation period.

Last audit: November 2024
HIPAACompliant

HIPAA

US regulation that safeguards medical data privacy and security. Essential for healthcare providers, insurers, and related tech.

Continuously monitored
GDPRCompliant

GDPR

EU regulation that governs personal data protection and privacy for individuals within the EU. Applies globally to anyone handling EU data.

Continuously monitored
PIPEDACompliant

PIPEDA

Canadian regulation that governs how businesses collect, use, and disclose personal information in the course of commercial activity.

Continuously monitored
PDPLCompliant

PDPL

Saudi Arabia's Personal Data Protection Law, which is a set of regulations designed to protect individuals' personal data.

Continuously monitored

Resource Library

Access our security documentation, policies, and compliance reports.

PDF

PIPEDA

Compliance Report

PDF

PDPL

Compliance Report

PDF

SOC 2 Type II

Compliance report

PDF

ISO27001

Compliance report

PDF

Business Impact Assessment Policy

Policy document

PDF

AI Ethics and Governance

Policy document

Security controls

Our comprehensive security program includes controls across multiple domains to protect your data.

Access Control & Authorization

LIVE
Access Control Procedures
Completed
Access Restricted to Modify Infrastructure
Completed
Access Review of Infrastructure
Completed

Compliance with Regulations & Standards

LIVE
Age Verification and Parental/​guardian Consent Process
Completed
Anonymization/​pseudonymization Process Documentation
Completed
Appointment Agreement for EU Representative
Completed

Data Protection & Privacy

LIVE
Access Control Procedures
Completed
Access Restricted to Modify Infrastructure
Completed
Alerts and Remediation
Completed

Governance & Oversight

LIVE
Anonymization/​pseudonymization Process Documentation
Completed
Background Checks
Completed
Cooperation Agreements/​data Sharing Frameworks
Completed

IT & Operational Security

LIVE
Alerts and Remediation
Completed
Application Outages
Completed
Asset Disposal Procedure
Completed

Risk & Compliance Management

LIVE
Access Control Procedures
Completed
Alerts and Remediation
Completed
Board Charter
Completed
Showing 6 of 7 control categories

Frequently Asked Questions

Find answers to common questions about our security and compliance practices.

Our Security Commitment

Security Shield

At Sully, security isn't just a feature—it's foundational to everything we build. Our security-first mindset drives our development processes, infrastructure decisions, and organizational policies.

We treat the data entrusted to us—whether from our customers, their end users, or anyone who interacts with our organization—with the utmost care and responsibility. Security is embedded in our DNA, enabling us to deliver innovative solutions without compromising on protection.

Privacy Policy
Monitored byDelve Logo