Legal compliance for data security

Educate partners with trusted third-party service providers to manage the technical operations required for hosting the website.

Top Image Legal

Comprehensive Security & Compliance

Our Robust Compliance Measures


Our Robust Compliance Measures

Policies

Accreditations

ISO/IEC 27001:2022 certified
ISO/IEC 42001:2023 certified
SOC 2 & 3 Reports - AWS, Google Cloud, Azure
Penetration Testing Certificate
CSA STAR Level 1

HIPAA Compliance at CACTUS

CACTUS is committed to providing a secure, compliance-ready platform for clients operating within the healthcare ecosystem. Our infrastructure is designed to support compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA), where required, subject to the execution of a formal Business Associate Addendum (BAA) process.

Our HIPAA workflow:

  • No PHI by Default: Use of the Services does not involve the collection, access, use, or processing of Protected Health Information (PHI) unless a duly executed Business Associate Addendum (BAA) is in place.
  • Request a BAA: If your organization is a "Covered Entity" or "Business Associate" under HIPAA and requires disclosing or processing PHI, please request a BAA by emailing us at privacy@cactusglobal.com.
  • Review & Sign: Upon receipt of request, we will review your data requirements and where appropriate, provide our standard BAA for electronic signature.

For consistency, operational integrity, and auditability across our platform, CACTUS uses a standardised BAA and is generally unable to accept client-drafted or customised agreements. If you are a covered entity, you agree not to use CACTUS services for any purpose or in any manner involving PHI without first entering into a BAA and ensuring that your use of the services complies with applicable HIPAA requirements.

Know More
Sub-processors

Sub-processors

Before engaging any sub-processors, Editage conducts a thorough vendor-review process to ensure due diligence. This process evaluates how customer personal data is protected and includes security and privacy assessments, a detailed review of the vendor’s compliance practices, and an in-depth legal review of their data handling practices.

All sub-processor relationships are governed by contractual obligations and NDAs to ensure customer data privacy and transparency.

Meet a few of our trusted sub-processing partners

NAME PURPOSE OF PROCESSING LOCATION
Amazon Web Services, Inc. Amazon Web Services, Inc. .Logo Cloud Service Provider USA, Singapore, & Japan
Google Cloud Platform Google Cloud Platform Logo Cloud Service Provider USA, Ireland, Netherland, Germany, & Singapore
Microsoft Azure Microsoft Azure Logo Cloud Service Provider Ireland
Twilio, Inc. Twilio, Inc. Logo Cloud communications platform for sending transactional emails USA
Stripe Payment Gateway Stripe Payment Gateway Logo Payment Gateway Singapore
PayPal PayPal Logo Payment Gateway Singapore
Oracle Fusion Oracle Fusion Logo Tool for maintenance of finance records. Netherland
Sentry Sentry Error handling, Logs and Monitoring USA, Canada, & Europe
Palo-Alto Palo-Alto Information Security, and monitoring India, Indonesia, Singapore, Australia, Japan, Ireland, UK, France, Canada, & USA
OpenAI OpenAI Logo LLM Enterprise Provider -
Anthropic Anthropic Logo LLM Enterprise Provider via AWS/GCP/Azure USA
Meta Meta Logo Open Source LLMs USA
NewRelic Meta Logo Monitor, Troubleshoot and Health of Digital Systems USA
Gemini LLM model Meta Logo Multimodal AI Models USA
Cyber Insurance

Cyber Insurance

Cyber insurance is a key component of our security risk mitigation strategy. We have an insurance policy in place that includes cyber coverage to protect against financial losses in the event of a security incident.
Data Processing Agreement

Data Processing Agreement

Editage upholds robust and compliant data processing practices. This is a legally binding document between a data controller and a data processor that outlines the roles, responsibilities, and obligations related to the handling of personal data.
Master Services Agreement

Master Services Agreement

The use of Editage services and products, including associated rights, limitations, and privacy protections, is governed by business terms and conditions.